AntiVir - Dieses Programm wurde duch eine Gruppenrichtlinie geblockt.

Machiavelli · 01.06.2014, 21:20

Laut Logfile sind die Dateien nicht in die Quarantäne verschoben worden.

charly-UM · 01.06.2014, 21:42

Ich habe das Suchlauf-Protokoll gleich nach dem Suchlauf gemacht. Dort wird das Protokoll zu Ausgabe angeboten. Dann in die Quarantäne verschoben und den Verlauf angeschaut, da gibt es nur das gleiche Protokoll. Die beiden Bedrohung von heute sind in der Quarantäne.

Was muss ich nun tun !

Machiavelli · 02.06.2014, 15:32

Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\MountPoints2: {36df8716-eb97-11dc-8dd3-806e6f6e6963} - H:\shelexec.exe INDEX.HTM
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [IhijUshe] => regsvr32.exe "C:\ProgramData\IhijUshe.dat"
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll => C:\PROGRA~1\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a7a634d8-0b60-4b25-a212-e1d840fa20f7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
URLSearchHook: HKLM - (No Name) - {b9b97401-98e1-4942-930d-c36652dab7f2} -  No File
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=343&ver=1.01&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=343&ver=1.01&q={searchTerms}
SearchScopes: HKCU - {3A7E8E98-D1CA-449E-B96C-B593CB1D3E80} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {081230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKCU - No Name - {B9B97401-98E1-4942-930D-C36652DAB7F2} -  No File
Toolbar: HKCU - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -  No File
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} -  No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} -  No File
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] ()
2014-05-29 23:02 - 2013-02-21 13:29 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-29 22:20 - 2014-05-23 08:08 - 00281600 _____ () C:\ProgramData\IhijUshe.dat
C:\Users\Ewald Kaufmann\AppData\Roaming\desktop.ini
C:\ProgramData\IhijUshe.dat
C:\Windows\Tasks\{BAE265F4-032B-4F9C-9BED-3E90D7FC0D89}.job
C:\Users\Ewald Kaufmann\AppData\Local\Temp\avgnt.exe
C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbf6p5r.dll
C:\Users\Ewald Kaufmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Ewald Kaufmann\AppData\Local\Temp\unwise.exe
AlternateDataStreams: C:\Windows:7D42EAC16CE61F88
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Classes\.exe:  =>  <===== ATTENTION!

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: FRST Scan

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Schritt 3: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4: Frage

Wie läuft Dein PC?

charly-UM · 02.06.2014, 16:51

Hallo,
FRST Fix ist richtig gelaufen :

Fixlog.txt :

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
Ran by Ewald Kaufmann at 2014-06-02 16:57:44 Run:1
Running from C:\Users\Ewald Kaufmann\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\MountPoints2: {36df8716-eb97-11dc-8dd3-806e6f6e6963} - H:\shelexec.exe INDEX.HTM
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [IhijUshe] => regsvr32.exe "C:\ProgramData\IhijUshe.dat"
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll => C:\PROGRA~1\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a7a634d8-0b60-4b25-a212-e1d840fa20f7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
URLSearchHook: HKLM - (No Name) - {b9b97401-98e1-4942-930d-c36652dab7f2} -  No File
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=343&ver=1.01&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=343&ver=1.01&q={searchTerms}
SearchScopes: HKCU - {3A7E8E98-D1CA-449E-B96C-B593CB1D3E80} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {081230F8-EA50-42A9-983C-D22ABC2EED3B} -  No File
Toolbar: HKCU - No Name - {B9B97401-98E1-4942-930D-C36652DAB7F2} -  No File
Toolbar: HKCU - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -  No File
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} -  No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} -  No File
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] ()
2014-05-29 23:02 - 2013-02-21 13:29 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-29 22:20 - 2014-05-23 08:08 - 00281600 _____ () C:\ProgramData\IhijUshe.dat
C:\Users\Ewald Kaufmann\AppData\Roaming\desktop.ini
C:\ProgramData\IhijUshe.dat
C:\Windows\Tasks\{BAE265F4-032B-4F9C-9BED-3E90D7FC0D89}.job
C:\Users\Ewald Kaufmann\AppData\Local\Temp\avgnt.exe
C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbf6p5r.dll
C:\Users\Ewald Kaufmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Ewald Kaufmann\AppData\Local\Temp\unwise.exe
AlternateDataStreams: C:\Windows:7D42EAC16CE61F88
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Classes\.exe:  =>  <===== ATTENTION!
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36df8716-eb97-11dc-8dd3-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{36df8716-eb97-11dc-8dd3-806e6f6e6963} => Key not found.
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Run\\IhijUshe => Value deleted successfully.
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
"C:\PROGRA~1\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b9b97401-98e1-4942-930d-c36652dab7f2} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A7E8E98-D1CA-449E-B96C-B593CB1D3E80} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3A7E8E98-D1CA-449E-B96C-B593CB1D3E80} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Value deleted successfully.
HKCR\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9B97401-98E1-4942-930D-C36652DAB7F2} => Value deleted successfully.
HKCR\CLSID\{B9B97401-98E1-4942-930D-C36652DAB7F2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value not found.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{78E516EF-11DE-47A1-8364-A99B917EC5EE} => Value deleted successfully.
HKCR\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE} => Key not found.
HKCR\PROTOCOLS\Handler\ms-itss => Key deleted successfully.
HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754} => Key not found.
HKCR\PROTOCOLS\Handler\mso-offdap => Key deleted successfully.
HKCR\CLSID\{3D9F03FA-7A94-11D3-BE81-0050048385D1} => Key not found.
HKCR\PROTOCOLS\Handler\mso-offdap11 => Key deleted successfully.
HKCR\CLSID\{32505114-5902-49B2-880A-1F7738E5A384} => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => Value deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ => Moved successfully.
APNMCP => Service deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft => Moved successfully.
C:\ProgramData\IhijUshe.dat => Moved successfully.
C:\Users\Ewald Kaufmann\AppData\Roaming\desktop.ini => Moved successfully.
"C:\ProgramData\IhijUshe.dat" => File/Directory not found.
C:\Windows\Tasks\{BAE265F4-032B-4F9C-9BED-3E90D7FC0D89}.job => Moved successfully.
C:\Users\Ewald Kaufmann\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbf6p5r.dll" => File/Directory not found.
C:\Users\Ewald Kaufmann\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ewald Kaufmann\AppData\Local\Temp\unwise.exe => Moved successfully.
C:\Windows => ":7D42EAC16CE61F88" ADS removed successfully.
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Classes\ => Unable to delete key
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Classes\.exe => Key not found.


The system needed a reboot. 

==== End of Fixlog ====

Anschließend wurde automatisch neu gebootet - richtig ?

AntiVir wurde dann zum ersten mal hochgefahren - kam aber das bekannte Fehlerfester.
Das AntiVir Symbol ist wieder rechts unten in der Leiste, wenn man drauf geht steht dort:
-Echtzeit-Scanner: aktiv
-Browser-Schutz: aktiv
-Windows Firewall: aktiv
Beim Doppelklick auf das Symbol kommt aber das bekannte Fehlerfenster.
Ich kann also AntiVir nicht deaktivieren ?
Task-Manager : Avira Free Antivirus Status: wird ausgeführt.

Schritt 2 erst nach deiner Antwort ausführen ?

Machiavelli · 02.06.2014, 17:08

Führe Schritt 2 durch, am Schluss werde ich auf die Fragen genauer eingehen.

charly-UM · 02.06.2014, 17:35

Schritt 2:
FRST Scan ist OK gelaufen :

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by Ewald Kaufmann (administrator) on VISTA-PC on 02-06-2014 18:27:51
Running from C:\Users\Ewald Kaufmann\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Apple Inc.) C:\AirPrint\airprint.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
() C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation)
HKLM\...\Run: [NMSSupport] => C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2007-11-14] (Realtek Semiconductor)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-02] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunServices: [RegisterDropHandler] - C:\Program Files\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe [23040 1998-12-14] ( ())
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Messenger (Yahoo!)] => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-30] (Google Inc.)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1105920 2008-12-09] (TerraTec Electronic GmbH)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Search Protection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [1und1Agent] => C:\Program Files\Internetradio Player\ps_agent.exe
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [IhijUshe] => regsvr32.exe "C:\ProgramData\IhijUshe.dat"
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=mkg029
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch (alte Rechtschreibung) für die Rechtschreibprüfung in Mozilla-Produkten - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\de-DE-alt@dictionaries.addons.mozilla.org [2008-03-11]
FF Extension: German Dictionary - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2013-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-10]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-02]

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Ewald Kaufmann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04]
CHR Extension: (Google-Suche) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04]
CHR Extension: (RealDownloader) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-06]
CHR Extension: (Skype Click to Call) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-10]
CHR Extension: (Google Mail) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-05-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2011-12-12]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AirPrint; C:\AirPrint\airprint.exe [234784 2012-10-29] (Apple Inc.)
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S4 GoogleDesktopManager-061008-081103; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-09-22] (Google)
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] ()
U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1302368 2008-01-08] (NXP Semiconductors Germany GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [449408 2007-11-16] (DiBcom)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [31072 2007-05-23] (Intel Corporation )
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
S3 WINFLASH; C:\Medion\Bios 1.0A_WInflash\WinFlash.sys [10848 2007-01-12] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 18:27 - 2014-06-02 18:28 - 00032156 _____ () C:\Users\Ewald Kaufmann\Desktop\FRST.txt
2014-06-02 16:57 - 2014-06-02 16:57 - 00000000 ____D () C:\Users\Ewald Kaufmann\Desktop\FRST-OlderVersion
2014-06-01 22:48 - 2014-06-01 22:48 - 00001606 _____ () C:\xxxxxxxxxx.txt
2014-06-01 22:05 - 2014-06-01 22:05 - 00001601 _____ () C:\Users\Ewald Kaufmann\Desktop\mbam2.txt
2014-06-01 21:51 - 2014-06-01 21:51 - 00001601 _____ () C:\mbam2.txt
2014-05-30 22:41 - 2014-05-30 22:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 22:37 - 2014-05-30 22:37 - 01016261 _____ (Thisisu) C:\Users\Ewald Kaufmann\Desktop\JRT.exe
2014-05-30 22:00 - 2014-06-01 22:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 22:00 - 2014-05-30 22:00 - 00000955 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 22:00 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 22:00 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 21:56 - 2014-05-30 21:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ewald Kaufmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 22:59 - 2010-08-30 08:34 - 00154625 _____ () C:\Windows\system32\sqlite3.dll
2014-05-29 22:58 - 2014-05-29 23:03 - 00000000 ____D () C:\AdwCleaner
2014-05-29 22:52 - 2014-05-29 22:52 - 01327971 _____ () C:\Users\Ewald Kaufmann\Desktop\adwcleaner_3.211.exe
2014-05-29 16:30 - 2014-05-29 16:30 - 00380416 _____ () C:\Users\Ewald Kaufmann\Desktop\Gmer-19357.exe
2014-05-29 16:09 - 2014-06-02 18:27 - 00000000 ____D () C:\FRST
2014-05-29 16:05 - 2014-06-02 16:57 - 01058304 _____ (Farbar) C:\Users\Ewald Kaufmann\Desktop\FRST.exe
2014-05-29 15:47 - 2014-05-29 15:47 - 00050477 _____ () C:\Users\Ewald Kaufmann\Desktop\Defogger.exe
2014-05-28 22:09 - 2014-05-28 22:09 - 00000456 _____ () C:\Windows\TT_VTX.log
2014-05-23 21:57 - 2014-05-23 21:57 - 00001254 _____ () C:\Windows\PFRO.log
2014-05-23 21:21 - 2014-05-24 14:00 - 00002451 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 08:08 - 2014-06-02 16:57 - 00281600 _____ () C:\ProgramData\IhijUshe.dat
2014-05-18 19:56 - 2014-05-18 19:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 08:31 - 2014-05-16 08:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 08:17 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 08:17 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 08:17 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 13:11 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-05-07 08:26 - 2014-06-02 17:10 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\DropboxMaster
2014-05-03 18:45 - 2014-06-02 17:01 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\FreePDF_XP

==================== One Month Modified Files and Folders =======

2014-06-02 18:28 - 2014-06-02 18:27 - 00032156 _____ () C:\Users\Ewald Kaufmann\Desktop\FRST.txt
2014-06-02 18:28 - 2008-03-06 18:32 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Temp
2014-06-02 18:27 - 2014-05-29 16:09 - 00000000 ____D () C:\FRST
2014-06-02 18:24 - 2006-11-02 12:33 - 01603066 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 17:10 - 2014-05-07 08:26 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\DropboxMaster
2014-06-02 17:10 - 2013-02-12 22:21 - 00000000 ___RD () C:\Users\Ewald Kaufmann\Dropbox
2014-06-02 17:10 - 2013-02-12 22:14 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox
2014-06-02 17:10 - 2008-03-06 18:14 - 01680056 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 17:06 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-02 17:05 - 2014-04-09 21:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 17:01 - 2014-05-03 18:45 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\FreePDF_XP
2014-06-02 17:01 - 2013-05-10 08:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0.job
2014-06-02 17:01 - 2010-10-18 22:30 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Apps\2.0
2014-06-02 17:01 - 2007-10-09 16:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-02 17:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 17:01 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 17:01 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 16:59 - 2008-11-13 12:54 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-02 16:58 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 16:57 - 2014-06-02 16:57 - 00000000 ____D () C:\Users\Ewald Kaufmann\Desktop\FRST-OlderVersion
2014-06-02 16:57 - 2014-05-29 16:05 - 01058304 _____ (Farbar) C:\Users\Ewald Kaufmann\Desktop\FRST.exe
2014-06-02 16:57 - 2014-05-23 08:08 - 00281600 _____ () C:\ProgramData\IhijUshe.dat
2014-06-02 16:57 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-02 16:39 - 2012-08-05 13:59 - 00002617 _____ () C:\Users\Ewald Kaufmann\Desktop\Microsoft Word 2010.lnk
2014-06-02 14:36 - 2008-03-19 12:32 - 00000000 ____D () C:\Users\Ewald Kaufmann\Scanner
2014-06-02 08:03 - 2007-10-15 18:38 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-06-01 22:50 - 2014-05-30 22:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 22:48 - 2014-06-01 22:48 - 00001606 _____ () C:\xxxxxxxxxx.txt
2014-06-01 22:05 - 2014-06-01 22:05 - 00001601 _____ () C:\Users\Ewald Kaufmann\Desktop\mbam2.txt
2014-06-01 21:51 - 2014-06-01 21:51 - 00001601 _____ () C:\mbam2.txt
2014-06-01 20:56 - 2014-01-13 23:07 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\BOM
2014-05-30 22:41 - 2014-05-30 22:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 22:37 - 2014-05-30 22:37 - 01016261 _____ (Thisisu) C:\Users\Ewald Kaufmann\Desktop\JRT.exe
2014-05-30 22:00 - 2014-05-30 22:00 - 00000955 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-30 21:57 - 2014-05-30 21:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ewald Kaufmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 23:57 - 2009-10-10 19:58 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 23:45 - 2012-07-29 17:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 23:03 - 2014-05-29 22:58 - 00000000 ____D () C:\AdwCleaner
2014-05-29 23:03 - 2008-03-06 18:32 - 00000000 ____D () C:\Users\Ewald Kaufmann
2014-05-29 23:01 - 2007-10-15 18:15 - 00000000 ____D () C:\Users\IUSR_NMPR\AppData\Local\Temp
2014-05-29 22:52 - 2014-05-29 22:52 - 01327971 _____ () C:\Users\Ewald Kaufmann\Desktop\adwcleaner_3.211.exe
2014-05-29 22:46 - 2007-10-10 12:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-29 22:04 - 2008-12-30 12:53 - 00000000 ____D () C:\Users\Public\Öffentliche TEMP
2014-05-29 21:43 - 2013-05-06 14:47 - 00000000 ____D () C:\Users\Ewald Kaufmann\_TEMP
2014-05-29 16:30 - 2014-05-29 16:30 - 00380416 _____ () C:\Users\Ewald Kaufmann\Desktop\Gmer-19357.exe
2014-05-29 15:47 - 2014-05-29 15:47 - 00050477 _____ () C:\Users\Ewald Kaufmann\Desktop\Defogger.exe
2014-05-29 08:47 - 2013-02-22 13:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-28 22:09 - 2014-05-28 22:09 - 00000456 _____ () C:\Windows\TT_VTX.log
2014-05-28 08:17 - 2013-02-12 22:21 - 00000998 _____ () C:\Users\Ewald Kaufmann\Desktop\Dropbox.lnk
2014-05-28 08:17 - 2013-02-12 22:15 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 16:39 - 2013-11-05 22:43 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 16:39 - 2013-11-05 22:43 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 21:14 - 2014-01-13 23:07 - 00000000 ____D () C:\Program Files\Biet-O-Matic
2014-05-24 21:28 - 2013-01-07 15:40 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Canon Easy-PhotoPrint EX
2014-05-24 14:00 - 2014-05-23 21:21 - 00002451 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-24 08:59 - 2009-10-10 20:03 - 00002005 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 21:57 - 2014-05-23 21:57 - 00001254 _____ () C:\Windows\PFRO.log
2014-05-23 21:22 - 2008-03-07 00:56 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Adobe
2014-05-23 21:21 - 2011-06-24 13:40 - 00001932 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-23 21:21 - 2008-03-07 01:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 21:21 - 2007-10-10 13:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-23 21:21 - 2007-10-10 13:05 - 00000000 ____D () C:\Program Files\Adobe
2014-05-18 19:56 - 2014-05-18 19:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 19:15 - 2010-12-30 20:41 - 00058880 _____ () C:\Users\Ewald Kaufmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 15:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 08:31 - 2014-05-16 08:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 08:30 - 2013-07-16 07:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:23 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-14 16:45 - 2012-07-29 17:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 16:45 - 2011-10-14 07:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-30 22:00 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 22:00 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-30 22:00 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 14:20 - 2013-02-21 14:02 - 00002659 _____ () C:\Users\Ewald Kaufmann\Desktop\Microsoft PowerPoint 2010.lnk
2014-05-07 15:05 - 2008-10-03 11:10 - 00000103 _____ () C:\Users\Ewald Kaufmann\AppData\default.pls
2014-05-07 10:33 - 2012-12-23 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-05-07 10:32 - 2013-04-18 10:20 - 00001805 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 10:32 - 2009-05-18 21:36 - 00000000 ____D () C:\Program Files\Garmin
2014-05-07 10:32 - 2008-08-06 09:03 - 00000000 ____D () C:\ProgramData\GARMIN
2014-05-07 10:32 - 2008-03-14 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-05-06 01:32 - 2014-05-16 08:17 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 08:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 08:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\ProgramData\IhijUshe.dat


Some content of TEMP:
====================
C:\Users\Ewald Kaufmann\AppData\Local\Temp\avgnt.exe
C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplg2h6u.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-02 17:11

==================== End Of Log ============================

--- --- ---

Addition.txt :

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014 01
Ran by Ewald Kaufmann at 2014-06-02 18:28:41
Running from C:\Users\Ewald Kaufmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 HomeNet-Client (HKLM\...\1&1 HomeNet-Client) (Version:  - )
3D Live Pool (HKLM\...\3D Live Pool_is1) (Version:  - Etiumsoft, Inc.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1568.4089 - ABBYY Software House)
Ace WINScreen 4.5 (HKLM\...\Ace WINScreen_is1) (Version: 4.5 - Caltrox Software Systems)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 4.0.110 - Abelssoft)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4489 - APN, LLC)
AVM FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.2.1.0 - AVM Berlin)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
BMW TV Version 1.5.0 (HKLM\...\BMW TV_is1) (Version:  - BMW)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DDBAC (HKLM\...\{763231D7-2E4E-44D6-8FC2-6A0C7EDCE3B6}) (Version: 4.3.46 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Elevated Installer (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.3.2.1 (HKLM\...\FileZilla Client) (Version: 3.3.2.1 - )
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
FreeRIP MP3 Converter 4.4.1 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.4.1 - GreenTree Applications SRL)
Garmin BaseCamp (HKLM\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe (Unicode) NT 2014.40 Update (HKLM\...\{D8E9584C-28A2-4C79-ABA6-68710DFF86F9}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2014.30 Update (HKLM\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{C7DD94A8-F775-426C-B56C-8E555A59F9E2}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{a2c69cba-542a-4a49-af31-b8a49349064d}) (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0806.10245 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
InfoTech-Service Freischalt-Center 2.3  (HKLM\...\InfoTech-Service Freischalt-Center) (Version: 2.3 - InfoTech-Service, Christian Rimsl)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel(R) PRO Network Connections 12.2.41.0 (HKLM\...\PROSetDX) (Version: 12.2.41.0 - Intel)
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0 - Intel) Hidden
Intel® Viiv™ Software (HKLM\...\Intel(R) Configuration Center) (Version: 1.7.512.0 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.7.512.0 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (HKLM\...\LetsTrade) (Version:  - )
Lexware Info Service (HKLM\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lexware online banking (HKLM\...\{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}) (Version: 8.00.00.0067 - Lexware GmbH & Co. KG)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2516 - CyberLink Corp.)
MakeitOne - MP3AlbumMaker (HKLM\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
MediaShow (HKLM\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.4325 - CyberLink Corporation)
MEDION Fotos auf CD Sued (HKLM\...\MEDION Fotos auf CD Sued D) (Version: 6.0.2.0 - MAGIX AG)
Medion Media Center 0 (HKLM\...\{23CE4550-F67C-4114-88DF-FE923BC13E7F}) (Version: 1.0.12.0 - Medion)
MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00050 - Medion)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 EasySplitter (Trial) (HKLM\...\MP3 EasySplitter (Trial)_is1) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 7 Premium (HKLM\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}) (Version: 7.03.1152 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NimoFilm (HKLM\...\{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}) (Version: 1.9.21 - Mysher)
NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PC Fresh (HKLM\...\PC Fresh_is1) (Version: 2012 - Abelssoft GmbH)
PC SpeedScan Pro (Version: 7.1.1 - Ascentive) Hidden
Phoenix Service Software 2010.48.004.44602 (HKLM\...\Phoenix Service Software 2010.48.004.44602_is1) (Version:  - leopard Tech)
PHOTOfunSTUDIO 6.1 HD Lite Edition (HKLM\...\{7E653036-DE31-4BFD-96BB-421CC72E06FC}) (Version: 6.01.015 - Panasonic Corporation)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.0.4310 - CyberLink Corp.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209a - CyberLink Corp.)
PowerDirector (Version: 6.5.2209a - CyberLink Corp.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.2.2504 - CyberLink Corp.)
Quicken 2010 - Servicepack 5 (HKLM\...\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}) (Version: 17.05.0000 - Lexware GmbH & Co KG)
Quicken 2010 (HKLM\...\InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}) (Version: 17.00.00.0081 - Lexware GmbH & Co. KG)
Quicken 2010 (Version: 17.00.00.0081 - Lexware GmbH & Co. KG) Hidden
Quicken Import Export Server 2010 (HKLM\...\{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}) (Version: 17.00.00.0048 - Lexware GmbH & Co. KG)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5512 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rechenbüro Professionell 2004 2.416  (HKLM\...\Rechenbüro Professionell 2004) (Version: 2.416 - InfoTech-Service, Christian Rimsl)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Remote Wonder Series Driver and Control Panel (HKLM\...\X10Hardware) (Version:  - )
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SILKYPIX Developer Studio 3.0 SE (HKLM\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden
SimpleScreenshot 1.40 (HKLM\...\SimpleScreenshot) (Version:  - )
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000004}) (Version: 8.1.0 - Adobe Systems)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Super LoiLoScope WebShortcut (HKLM\...\{AC589470-884E-4E15-96D8-437780F8185D}) (Version: 1.0.0 - LoiLo)
TAXMAN 2007 (Version: 13.00 - Lexware) Hidden
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 5.125.0 - )
TextBridge Pro 8.0 (HKLM\...\TextBridge Pro 8.0) (Version:  - )
TopStyle Lite (Version 3.0) (HKLM\...\TopStyle Lite (Version 3.0)) (Version: 3.1.0 - Bradbury Software, LLC)
TranslatorBar 5 Toolbar (HKLM\...\TranslatorBar_5 Toolbar) (Version: 6.2.4.1 - TranslatorBar 5)
TubeBox (HKLM\...\{60597b3f-d714-4f4e-8094-be088a31ff25}) (Version: 4.1.1.0 - Freetec)
TubeBox (Version: 4.1.1.0 - Freetec) Hidden
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 1.0.4916 - CyberLink Corp.)
TVsweeper 3 (HKLM\...\{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}) (Version: 3.0.3 - Sonavis)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinGDB3 3.70  (HKLM\...\WinGDB3) (Version: 3.70  - Asyver)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wise Registry Cleaner 7.91 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.91 - WiseCleaner.com, Inc.)
WISO Mein Geld 2009 Professional (HKLM\...\{44061C54-0775-4AE1-B433-79BCC6431817}) (Version: 10.00.0047 - Buhl Data Service GmbH)

==================== Restore Points  =========================

29-04-2014 06:17:06 Windows Update
04-05-2014 06:24:32 Windows Update
07-05-2014 08:27:58 Garmin Express
07-05-2014 08:32:51 Garmin Express
16-05-2014 06:09:29 Windows Update
23-05-2014 19:12:41 Removed Adobe Reader X (10.1.10) - Deutsch.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2009-03-17 19:10 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {09DA815D-5102-4DA5-B1BE-006C5B6A5FC4} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {577994AF-79CC-43B9-853F-86A19155E0D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8595EFC3-7FBB-475F-BDFA-E25C7EE8C725} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8B7560C0-381D-48E2-BFFE-AAF63897E89E} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-23] ()
Task: {8FEAB0EC-2724-4D8F-9DEB-D5BD0AAAD80B} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: {965F8B8C-26CE-447D-8495-818783F20C8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DC98D58-5FB0-40CB-8139-D52796C6580A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A951737B-1111-423B-84AD-448897E68818} - System32\Tasks\{741E324B-42E2-4875-9954-51C44AAB2EDD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1618
Task: {ABE2DFC5-E788-496C-9F3E-0F2D53D822AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {B0A79CC2-C6B6-4464-ACE3-FBABA6197949} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B94F9E8F-150D-4196-8ABC-446AD10224BC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ewald Kaufmann => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {C9923C71-A490-4849-BDFD-D1AC37A055F0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {CE9C8633-288E-4FED-99B6-AB7EE5100D77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: {D45667F1-5FBE-470A-9312-5CC01B6ECAEB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D8956B27-58ED-4D7F-B210-F734D74D412A} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe
Task: {E19412A5-24DC-4B5A-ACD6-325289FF9232} - System32\Tasks\{F93099C5-5AEE-4D14-9D9E-2C45A6A55ADA} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EDB64326-2C1B-453F-B54A-19DB547CFA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 12:54 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2008-03-07 14:39 - 1998-12-14 12:06 - 00163328 _____ () C:\Program Files\Common Files\Xerox Shared\easytb32.dll
2008-03-07 14:39 - 1998-12-14 12:06 - 00034304 _____ () C:\Program Files\Common Files\Xerox Shared\VGFILE.dll
2008-03-08 20:52 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-21 20:19 - 2010-03-21 20:19 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-02-12 11:46 - 2007-02-12 11:46 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2014-06-02 17:02 - 2014-06-02 17:02 - 00043008 _____ () C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplg2h6u.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\libcef.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b8ee2f1\mscorlib.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ecc31d15\system.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0dc2ac08\system.windows.forms.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_fa78f23c\system.xml.dll
2007-10-15 16:38 - 2007-04-13 18:14 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll
2009-09-17 10:21 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-02-04 17:28 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-10-22 13:49 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00290909 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
2008-02-04 17:29 - 2007-10-19 18:42 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2008-02-04 17:30 - 2007-12-12 12:21 - 00245858 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00114779 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
2008-02-04 17:30 - 2007-10-19 18:42 - 00114780 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2007-06-27 10:13 - 2007-06-27 10:13 - 00268504 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
2007-06-27 10:14 - 2007-06-27 10:14 - 00325848 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_mediaserver.dll
2007-06-27 10:13 - 2007-06-27 10:13 - 00563416 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_client.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00070872 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_mediaspace.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00219352 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_import.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00041176 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_aggregate.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00030424 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_sync.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00025304 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_tunisauth.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00104664 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_tunists.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00088280 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_upnp.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00026328 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_upnppower.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00065240 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_upnppower.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00027864 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_xrturi.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00252120 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_zcardea.dll
2009-12-27 22:48 - 2004-05-26 00:06 - 00417792 _____ () C:\Windows\system32\ac3filter.ax
2009-10-06 09:16 - 2009-10-06 09:16 - 00077824 _____ () C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk => C:\Windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCUTRAYICON => C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: InstantAccess => C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Remote Control Editor => "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
MSCONFIG\startupreg: SimpleScreenshot => C:\PROGRA~1\SSS\SIMPLESCREENSHOT.EXE
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TVEService => "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #9
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\PLUGINS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\PLUGINS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\LIB> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\LIB> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\CHIMES.WAV> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\CHIMES.WAV> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\BIN> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\BIN> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/02/2014 05:08:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (06/02/2014 05:08:12 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (06/02/2014 05:05:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (06/02/2014 05:05:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: X10 Device Network Service

Error: (06/02/2014 05:02:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/02/2014 05:01:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (06/02/2014 00:42:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (06/02/2014 00:42:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (06/02/2014 00:41:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/02/2014 00:39:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt


Microsoft Office Sessions:
=========================
Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\PLUGINS

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\PLUGINS

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\LIB

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\LIB

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE

Error: (06/02/2014 06:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\FREESTUDIOMANAGER.EXE

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\CHIMES.WAV

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\CHIMES.WAV

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\BIN

Error: (06/02/2014 06:09:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\FRST\QUARANTINE\C\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DVDVIDEOSOFT\BIN


CodeIntegrity Errors:
===================================
  Date: 2014-06-02 18:28:30.683
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:30.449
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:30.231
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:29.997
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:29.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:29.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:29.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:29.061
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:28.655
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 18:28:28.421
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3069.45 MB
Available physical RAM: 1517.01 MB
Total Pagefile: 6349.77 MB
Available Pagefile: 4653.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.71 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:143.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:9.5 GB) FAT32
Drive f: () (Removable) (Total:14.83 GB) (Free:10.83 GB) FAT32
Drive j: (HD-PVU2) (Fixed) (Total:465.76 GB) (Free:305.31 GB) NTFS
Drive s: (Daten Kaufmann) (Fixed) (Total:298.09 GB) (Free:220.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 5 (Size: 466 GB) (Disk ID: E8814535)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: CA730EDE)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Machiavelli · 02.06.2014, 18:21

Nun Schritt 3 & 4.

charly-UM · 03.06.2014, 06:52

Hallo,

nun der ESET Log :

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=6e01d496d3cd7e419774fcd4b2005c34
# engine=18513
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-03 12:29:54
# local_time=2014-06-03 02:29:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 497878 20326552 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 33499793 239288122 0 0
# scanned=393994
# found=55
# cleaned=0
# scan_time=24076
sh=36CC87B6B7367F1A4DE58DFB84D5D8C1AAE3E2A0 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\prefs_29_05_2014_23_03_49.js"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=4809ED6CE4E44E10CDD0B7BF47D00B637555E2B9 ft=1 fh=0fdc0c8965e17046 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5.vir"
sh=D67A33CEB13E362E02CE274646331CFE7CF37AEC ft=1 fh=c71c001169bb6296 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngin0.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir"
sh=C6A9FB024D614702667E0768E0B673BA3A31F504 ft=1 fh=aa62bac49704426f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir"
sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\TranslatorBar_5\tbTra1.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\TranslatorBar_5\tbTra2.dll.vir"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\TranslatorBar_5\tbTran.dll.vir"
sh=5CA319EBA10412E2FF4A47FD20624385C11A0C2A ft=1 fh=8ad6e907be4811df vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=3D536C97F50FA75940AC47AAE81558668AECE1D7 ft=1 fh=1ffa41ecf2a03bbf vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=0DDC9EFBCBB739ECBC9645E0D81144ACB0DC139F ft=1 fh=2cd04407df9b26ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Local\Conduit\CT2642706\TranslatorBar_5AutoUpdaterHelper.exe.vir"
sh=D4290B72810DBCDDFE49B3A887C32B8210448F23 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\flavour.js.vir"
sh=368DBEFD4A7A058B8A499A7D63B8D0928AC85F41 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.js.vir"
sh=356A4A0EBE1B2BA1D5B2D0DECE9E1E434641F57D ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\toolbar.js.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\ConduitEngine\ConduitEngin0.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\TranslatorBar_5\tbTra0.dll.vir"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\TranslatorBar_5\tbTra1.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\TranslatorBar_5\tbTra2.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\LocalLow\TranslatorBar_5\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=0C8D82660838E75B8F1B50B0ACAD1E5366478E55 ft=1 fh=ba9e8c057949b790 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir"
sh=A024516E0F366D5D3DA1380798B3861428E4D16B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\user.js.vir"
sh=94CCAAC63F0B9227B0667107919C7B8C3D9BD04F ft=1 fh=a62edfdd11e6c6ab vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Roaming\OpenCandy\54B4197E773E4E26AF8687C96EA2FD6C\Installer.exe.vir"
sh=933F4749C961D68444537F727F31ADE1EE99747D ft=1 fh=efd21e6d445e2214 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Roaming\OpenCandy\54B4197E773E4E26AF8687C96EA2FD6C\LinkuryGA_ALL_p2v5.exe.vir"
sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="Variante von Win32/DealPly.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ewald Kaufmann\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir"
sh=CF26A27CF60936A6E73DB41885FE11A9D09A6756 ft=1 fh=ddf84355153b1f04 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\dmwu.exe.vir"
sh=E5E55F157C1CC8F09FD2FDE4D943CFA502A8E636 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\jmdp\SweetNT.crx.vir"
sh=16751F1DC732740BD60703CFCB9818813E31966E ft=1 fh=c0a392e299985a3c vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\NTSetup.exe.vir"
sh=3D4C6F1D551DD7D687FC99B6C12E684C64DA6F07 ft=1 fh=82b6f2f3276cd17c vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\SKSetup.exe.vir"
sh=1824CFBB24861E0953082C9DB55CC549F9571FE6 ft=1 fh=5345ab72387b0575 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\WSSetup.exe.vir"
sh=42C316FA44E09FE9962FC0F6417DCC66E952975B ft=1 fh=1c7e8cd148e900a8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\DVDVideoSoft\DVDVideoSoft\AskTB\DVDVideoSoftToolbar.exe"
sh=DB0246D8DDC666EC60CD38127F842B476F8E3120 ft=1 fh=a16d13840f7b745f vn="Variante von Win32/Kryptik.CDAF Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\IhijUshe.dat.xBAD"
sh=DB0246D8DDC666EC60CD38127F842B476F8E3120 ft=1 fh=a16d13840f7b745f vn="Variante von Win32/Kryptik.CDAF Trojaner" ac=I fn="C:\ProgramData\IhijUshe.dat"
sh=DB0246D8DDC666EC60CD38127F842B476F8E3120 ft=1 fh=a16d13840f7b745f vn="Variante von Win32/Kryptik.CDAF Trojaner" ac=I fn="C:\Users\All Users\IhijUshe.dat"
sh=ACBDEE1F85B43FC4683B18BB75985289F773E9F8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ewald Kaufmann\AppData\Local\Downloaded Installations\{FB20D3A1-7281-4136-BE99-10838BAE8B18}\Movavi Video Converter 7.msi"
sh=06A52BAB880B91D58ADE3CCBB43994606DD779EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ewald Kaufmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1fbc2305-6156967d"
sh=3B2F34084E543A93526EB36EDBE1DD8719CD1253 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\prefs.js.bak"
sh=5707514D788581178761B6D3684B280F3F869F3E ft=1 fh=932c811bf71e5503 vn="Win32/SweetIM.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VINL9I3\SkywalkerSetup[1].exe"
sh=8FCBAF3302FDF837B5D05AD5DCB8EFA77AA012CB ft=1 fh=7575fa339b0b916e vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VINL9I3\SkywalkerSetup[2].exe"
sh=3D4C6F1D551DD7D687FC99B6C12E684C64DA6F07 ft=1 fh=82b6f2f3276cd17c vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VINL9I3\SkywalkerSetup[3].exe"
sh=F0583DDAE95D2C50EE017A7B16941AFBC9E004D5 ft=1 fh=72c2adac041db1f9 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VINL9I3\WSSetup[1].exe"
sh=3FCDDDFFA523FD30995BD7F1EE90AD1DAFF05C22 ft=1 fh=eb68e71596000e50 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ5PXKA4\SkywalkerSetup[1].exe"
sh=D9EE6B80A0799254672CEDD44F173BD38A604757 ft=1 fh=28f332d88c5a495a vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ5PXKA4\SkywalkerSetup[2].exe"
sh=0DBE65DA27C274B5A12C4DCB4EBAD6F94077F488 ft=1 fh=e4c8ac4733ac6a65 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ5PXKA4\WSSetup[1].exe"
sh=1824CFBB24861E0953082C9DB55CC549F9571FE6 ft=1 fh=5345ab72387b0575 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ5PXKA4\WSSetup[2].exe"
sh=45E17543C519D67E0C575E0F3F6D11E19BA400F2 ft=1 fh=3ae4eeffc55902ad vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT6P9KWF\SkywalkerSetup[1].exe"
sh=F5E0B85D1080A86A759A30977F3EBE51AF85606E ft=1 fh=9fe8960328122cff vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT6P9KWF\WSSetup[1].exe"
sh=58FD5BFD5621171F4F1C69389E3ACA9BC3C80F64 ft=1 fh=ee2985aba3d07ac3 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG5V8NTX\SkywalkerSetup[1].exe"
sh=6B97D6844255D47302665BE4EB504893477EFA9C ft=1 fh=edd6a7ebcaa5d0c2 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG5V8NTX\WSSetup[1].exe"
sh=1A739914A874A42A4520CE05D8B8761A884ADFB7 ft=1 fh=de394184ef561da5 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG5V8NTX\WSSetup[2].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/PSW.Papras.CX Trojaner" ac=I fn="${Memory}"

Da ich den Avira ja nicht stoppen konnte hat der ein paarmal mit dem bekannten Fehlerfenster dazwischengefunkt und hat einen Fund gebracht :

Objekt: c:\Program Files\Unistall Information\ib_uninst_0\unistall.exe
Fund: TR/Dldr.Brantall.B.6
Aktion: In Quarantäne verschieben

Machiavelli · 03.06.2014, 15:20

Mich beunruhigt immer noch diese eine Datei.

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3

Note: You must save this directly to your Desktop.

Save any open documents, then close any open programs.
Disable all anti-virus and Anti-Malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
Double-click on combofix.exe then follow the on screen prompts
When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.

If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

charly-UM · 03.06.2014, 16:42

Hallo,
nun bin ich ratlos. Seit dem heutigen Start des PC's war die Avira Software (symbol rechts in der Leiste nicht zu sehen)!
Ich habe vorhin Combofix nach Anweisung gestartet und dann Fehlerfenster: Avira Desktop läuft noch. Habe dann im Manager den Task beendet ging auch. Habe nochmal versucht das Programm zu deinstallieren - ohne Erfolg. Combofix weiterlaufen lassen - kommt erneut ein scharfer Warnhinweis - und wartet auf OK?? habe nichts mehr unternommen !

Ich weiß nicht wie man Screenshots in den Text einfügt - deshalb unten die Anhänge.

Bin schon am überlegen ob es nicht sinnvoller ist die Daten auf externer Platte zu speichern und den PC neu zu installieren - was meinst Du ?

Machiavelli · 03.06.2014, 16:44

Auf OK klicken.

charly-UM · 03.06.2014, 23:09

Combofix ist dann normal durchgelaufen.

Code:

ATTFilter

ComboFix 14-06-03.01 - Ewald Kaufmann 03.06.2014  23:35:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1608 [GMT 2:00]
ausgeführt von:: c:\users\Ewald Kaufmann\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\sss
c:\program files\sss\licence.txt
c:\program files\sss\ReadMe.txt
c:\program files\sss\SimpleScreenshot.exe
c:\program files\sss\upload.php
c:\programdata\IhijUshe.dat
c:\users\Ewald Kaufmann\AppData\Roaming\1&1
c:\users\Ewald Kaufmann\AppData\Roaming\1&1\1&1 HomeNetClient\HomeNetSettings.bin
c:\windows\system32\~GLH0045.TMP
c:\windows\system32\~GLH0047.TMP
c:\windows\system32\sqlite3.dll
c:\windows\system32\tmp26E4.tmp
c:\windows\system32\tmp27EE.tmp
c:\windows\system32\tmpA4EC.tmp
c:\windows\system32\tmpA644.tmp
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-03 bis 2014-06-03  ))))))))))))))))))))))))))))))
.
.
2014-06-03 21:47 . 2014-06-03 21:47	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-03 21:47 . 2014-06-03 21:47	--------	d-----w-	c:\users\IUSR_NMPR\AppData\Local\temp
2014-06-03 21:47 . 2014-06-03 21:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-30 20:41 . 2014-05-30 20:41	--------	d-----w-	c:\windows\ERUNT
2014-05-30 20:00 . 2014-06-01 20:50	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-30 20:00 . 2014-05-30 20:00	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-30 20:00 . 2014-05-30 20:00	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-30 20:00 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-30 20:00 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-30 20:00 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-29 20:58 . 2014-05-29 21:03	--------	d-----w-	C:\AdwCleaner
2014-05-29 14:09 . 2014-06-02 16:29	--------	d-----w-	C:\FRST
2014-05-16 06:17 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 08:32 . 2014-05-07 08:32	--------	d-----w-	c:\users\Default\AppData\Roaming\Garmin
2014-05-07 06:26 . 2014-06-03 11:55	--------	d-----w-	c:\users\Ewald Kaufmann\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 14:39 . 2013-11-05 20:43	93528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-27 14:39 . 2013-11-05 20:43	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-14 14:45 . 2012-07-29 15:28	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-14 14:45 . 2011-10-14 05:28	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-15 00:34 . 2014-04-15 00:34	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-04-06 10:24 . 2013-06-03 06:48	632656	----a-w-	c:\windows\system32\msvcr80.dll
2014-04-06 10:24 . 2013-06-03 06:48	554832	----a-w-	c:\windows\system32\msvcp80.dll
2014-04-06 10:24 . 2013-06-03 06:48	479232	----a-w-	c:\windows\system32\msvcm80.dll
2014-03-07 23:12 . 2014-04-10 06:47	1806848	----a-w-	c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-10 06:47	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-10 06:47	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-10 06:47	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-10 06:47	421376	----a-w-	c:\windows\system32\vbscript.dll
2008-09-22 10:04 . 2014-05-18 17:56	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2014-05-08 1104256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-09-02 295512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2014-03-18 373760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
.
c:\users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
VR-NetWorld Auftragsprüfung.lnk - c:\program files\VR-NetWorld\VRToolCheckOrder.exe /autostart [2008-3-11 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
backup=c:\windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27	89184	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2007-06-27 08:18	215256	----a-w-	c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2014-03-18 18:50	373760	----a-w-	c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2014-04-23 07:26	122200	----a-w-	c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 01:54	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-04-18 10:10	578560	----a-w-	c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2014-02-14 12:55	845120	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2014-02-14 12:55	1564992	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-02-14 12:55	311616	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2008-12-09 16:22	1105920	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-30 02:06	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-10-19 16:42	155648	----a-w-	c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2643817713-3400089558-1708297070-1004]
"EnableNotificationsRef"=dword:00000002
.
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 06:58	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 14:45]
.
2011-11-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-06 17:35]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 17:57]
.
2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 17:57]
.
2013-02-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: targobank.de\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\
FF - ExtSQL: 2014-04-09 20:23; {B64D9B05-48E1-4CEB-BF58-E0643994E900}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2014-04-09 21:24; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
FF - ExtSQL: !HIDDEN! 2009-07-03 15:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-IhijUshe - c:\programdata\IhijUshe.dat
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-SimpleScreenshot - c:\progra~1\SSS\SIMPLESCREENSHOT.EXE
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\lib\Uninstall.exe
AddRemove-Redirection Port Monitor - c:\windows\system32\unredmon.exe
AddRemove-TranslatorBar_5 Toolbar - c:\program files\TranslatorBar_5\uninstall.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files\FreeRIP3\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-06-03 23:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2643817713-3400089558-1708297070-1004)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2643817713-3400089558-1708297070-1004)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\i_view32.exe"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ps"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RW2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2643817713-3400089558-1708297070-1004)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.tif"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2643817713-3400089558-1708297070-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-06-03  23:52:49
ComboFix-quarantined-files.txt  2014-06-03 21:52
.
Vor Suchlauf: 23 Verzeichnis(se), 145.169.420.288 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 145.987.854.336 Bytes frei
.
- - End Of File - - E825AC882D99206EB6EB1F3DB7D8625E
671B81004FDD1588FA9ED1331C9CECA9

Auf den ersten Blick funktioniert auch der PC noch.

Machiavelli · 04.06.2014, 13:05

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

charly-UM · 04.06.2014, 13:30

Heute nach Neustart :

1. Fehlerfenster:
RegSvr32
Das Modul „C:\ProgramData\IhiJUshe.dat“ konnte nicht geladen werden.
Das Modul konnte nicht gefunden werden.

2. Programm: Simplescreenshot lässt sich nicht mehr öffnen !
(war da ein Virus drin?)

3. Avira bringt nach wie vor den bekannten Fehler !

Jetzt FRST ist gelaufen :

FRST.txt :

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by Ewald Kaufmann (administrator) on VISTA-PC on 04-06-2014 14:19:21
Running from C:\Users\Ewald Kaufmann\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Apple Inc.) C:\AirPrint\airprint.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
() C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation)
HKLM\...\Run: [NMSSupport] => C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2007-11-14] (Realtek Semiconductor)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-02] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Messenger (Yahoo!)] => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-30] (Google Inc.)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1105920 2008-12-09] (TerraTec Electronic GmbH)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Search Protection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [1und1Agent] => C:\Program Files\Internetradio Player\ps_agent.exe
HKU\S-1-5-21-2643817713-3400089558-1708297070-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [IhijUshe] => regsvr32.exe "C:\ProgramData\IhijUshe.dat"
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch (alte Rechtschreibung) für die Rechtschreibprüfung in Mozilla-Produkten - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\de-DE-alt@dictionaries.addons.mozilla.org [2008-03-11]
FF Extension: German Dictionary - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2013-03-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-10]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-02]

Chrome: 
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Ewald Kaufmann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04]
CHR Extension: (Google-Suche) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04]
CHR Extension: (RealDownloader) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-06]
CHR Extension: (Skype Click to Call) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-10]
CHR Extension: (Google Mail) - C:\Users\Ewald Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-05-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2011-12-12]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AirPrint; C:\AirPrint\airprint.exe [234784 2012-10-29] (Apple Inc.)
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S4 GoogleDesktopManager-061008-081103; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-09-22] (Google)
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] ()
U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1302368 2008-01-08] (NXP Semiconductors Germany GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [449408 2007-11-16] (DiBcom)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [31072 2007-05-23] (Intel Corporation )
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
S3 WINFLASH; C:\Medion\Bios 1.0A_WInflash\WinFlash.sys [10848 2007-01-12] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\EWALDK~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:19 - 2014-06-04 14:20 - 00031252 _____ () C:\Users\Ewald Kaufmann\Desktop\FRST.txt
2014-06-03 23:52 - 2014-06-03 23:52 - 00038411 _____ () C:\ComboFix.txt
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\IUSR_NMPR\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 23:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-03 23:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-03 23:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-03 23:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-03 23:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-03 23:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-03 23:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-03 23:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-03 23:31 - 2014-06-03 23:53 - 00000000 ____D () C:\ComboFix
2014-06-03 16:42 - 2014-06-03 23:52 - 00000000 ____D () C:\Qoobox
2014-06-03 16:39 - 2014-06-03 23:50 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 16:31 - 2014-06-03 16:31 - 05206532 ____R (Swearware) C:\Users\Ewald Kaufmann\Desktop\ComboFix.exe
2014-06-02 19:37 - 2014-06-02 19:37 - 02347384 _____ (ESET) C:\Users\Ewald Kaufmann\Desktop\esetsmartinstaller_deu.exe
2014-06-02 16:57 - 2014-06-02 16:57 - 00000000 ____D () C:\Users\Ewald Kaufmann\Desktop\FRST-OlderVersion
2014-06-01 22:48 - 2014-06-01 22:48 - 00001606 _____ () C:\xxxxxxxxxx.txt
2014-06-01 22:05 - 2014-06-01 22:05 - 00001601 _____ () C:\Users\Ewald Kaufmann\Desktop\mbam2.txt
2014-06-01 21:51 - 2014-06-01 21:51 - 00001601 _____ () C:\mbam2.txt
2014-05-30 22:41 - 2014-05-30 22:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 22:37 - 2014-05-30 22:37 - 01016261 _____ (Thisisu) C:\Users\Ewald Kaufmann\Desktop\JRT.exe
2014-05-30 22:00 - 2014-06-01 22:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 22:00 - 2014-05-30 22:00 - 00000955 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 22:00 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 22:00 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 21:56 - 2014-05-30 21:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ewald Kaufmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 22:58 - 2014-05-29 23:03 - 00000000 ____D () C:\AdwCleaner
2014-05-29 22:52 - 2014-05-29 22:52 - 01327971 _____ () C:\Users\Ewald Kaufmann\Desktop\adwcleaner_3.211.exe
2014-05-29 16:30 - 2014-05-29 16:30 - 00380416 _____ () C:\Users\Ewald Kaufmann\Desktop\Gmer-19357.exe
2014-05-29 16:09 - 2014-06-04 14:19 - 00000000 ____D () C:\FRST
2014-05-29 16:05 - 2014-06-02 16:57 - 01058304 _____ (Farbar) C:\Users\Ewald Kaufmann\Desktop\FRST.exe
2014-05-29 15:47 - 2014-05-29 15:47 - 00050477 _____ () C:\Users\Ewald Kaufmann\Desktop\Defogger.exe
2014-05-28 22:09 - 2014-05-28 22:09 - 00000456 _____ () C:\Windows\TT_VTX.log
2014-05-23 21:57 - 2014-06-04 07:59 - 00002980 _____ () C:\Windows\PFRO.log
2014-05-23 21:21 - 2014-05-24 14:00 - 00002451 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-18 19:56 - 2014-05-18 19:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 08:31 - 2014-05-16 08:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 08:17 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 08:17 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 08:17 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 13:11 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-05-07 08:26 - 2014-06-04 14:09 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-06-04 14:20 - 2014-06-04 14:19 - 00031252 _____ () C:\Users\Ewald Kaufmann\Desktop\FRST.txt
2014-06-04 14:20 - 2008-03-06 18:32 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Temp
2014-06-04 14:19 - 2014-05-29 16:09 - 00000000 ____D () C:\FRST
2014-06-04 14:17 - 2008-03-06 18:14 - 01787569 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 14:09 - 2014-05-07 08:26 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\DropboxMaster
2014-06-04 14:09 - 2013-02-12 22:21 - 00000000 ___RD () C:\Users\Ewald Kaufmann\Dropbox
2014-06-04 14:09 - 2013-02-12 22:14 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox
2014-06-04 14:07 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-04 14:02 - 2014-05-03 18:45 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\FreePDF_XP
2014-06-04 14:02 - 2013-05-10 08:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0.job
2014-06-04 14:02 - 2008-11-13 12:54 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-04 14:02 - 2007-10-09 16:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 14:02 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 14:02 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 14:02 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 11:26 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 10:42 - 2012-08-05 13:59 - 00002617 _____ () C:\Users\Ewald Kaufmann\Desktop\Microsoft Word 2010.lnk
2014-06-04 08:24 - 2007-10-15 18:38 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-06-04 07:59 - 2014-05-23 21:57 - 00002980 _____ () C:\Windows\PFRO.log
2014-06-03 23:53 - 2014-06-03 23:31 - 00000000 ____D () C:\ComboFix
2014-06-03 23:52 - 2014-06-03 23:52 - 00038411 _____ () C:\ComboFix.txt
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\IUSR_NMPR\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 23:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 23:52 - 2014-06-03 16:42 - 00000000 ____D () C:\Qoobox
2014-06-03 23:52 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-03 23:52 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-03 23:50 - 2014-06-03 16:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 23:49 - 2006-11-02 12:23 - 00000248 _____ () C:\Windows\system.ini
2014-06-03 16:31 - 2014-06-03 16:31 - 05206532 ____R (Swearware) C:\Users\Ewald Kaufmann\Desktop\ComboFix.exe
2014-06-03 15:45 - 2008-03-19 12:32 - 00000000 ____D () C:\Users\Ewald Kaufmann\Scanner
2014-06-02 19:37 - 2014-06-02 19:37 - 02347384 _____ (ESET) C:\Users\Ewald Kaufmann\Desktop\esetsmartinstaller_deu.exe
2014-06-02 18:54 - 2006-11-02 12:33 - 01603066 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 17:05 - 2014-04-09 21:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 17:01 - 2010-10-18 22:30 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Apps\2.0
2014-06-02 16:57 - 2014-06-02 16:57 - 00000000 ____D () C:\Users\Ewald Kaufmann\Desktop\FRST-OlderVersion
2014-06-02 16:57 - 2014-05-29 16:05 - 01058304 _____ (Farbar) C:\Users\Ewald Kaufmann\Desktop\FRST.exe
2014-06-02 16:57 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-01 22:50 - 2014-05-30 22:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 22:48 - 2014-06-01 22:48 - 00001606 _____ () C:\xxxxxxxxxx.txt
2014-06-01 22:05 - 2014-06-01 22:05 - 00001601 _____ () C:\Users\Ewald Kaufmann\Desktop\mbam2.txt
2014-06-01 21:51 - 2014-06-01 21:51 - 00001601 _____ () C:\mbam2.txt
2014-06-01 20:56 - 2014-01-13 23:07 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\BOM
2014-05-30 22:41 - 2014-05-30 22:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 22:37 - 2014-05-30 22:37 - 01016261 _____ (Thisisu) C:\Users\Ewald Kaufmann\Desktop\JRT.exe
2014-05-30 22:00 - 2014-05-30 22:00 - 00000955 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 22:00 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-30 21:57 - 2014-05-30 21:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ewald Kaufmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 23:57 - 2009-10-10 19:58 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 23:45 - 2012-07-29 17:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 23:03 - 2014-05-29 22:58 - 00000000 ____D () C:\AdwCleaner
2014-05-29 23:03 - 2008-03-06 18:32 - 00000000 ____D () C:\Users\Ewald Kaufmann
2014-05-29 22:52 - 2014-05-29 22:52 - 01327971 _____ () C:\Users\Ewald Kaufmann\Desktop\adwcleaner_3.211.exe
2014-05-29 22:46 - 2007-10-10 12:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-29 22:04 - 2008-12-30 12:53 - 00000000 ____D () C:\Users\Public\Öffentliche TEMP
2014-05-29 21:43 - 2013-05-06 14:47 - 00000000 ____D () C:\Users\Ewald Kaufmann\_TEMP
2014-05-29 16:30 - 2014-05-29 16:30 - 00380416 _____ () C:\Users\Ewald Kaufmann\Desktop\Gmer-19357.exe
2014-05-29 15:47 - 2014-05-29 15:47 - 00050477 _____ () C:\Users\Ewald Kaufmann\Desktop\Defogger.exe
2014-05-29 08:47 - 2013-02-22 13:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-28 22:09 - 2014-05-28 22:09 - 00000456 _____ () C:\Windows\TT_VTX.log
2014-05-28 08:17 - 2013-02-12 22:21 - 00000998 _____ () C:\Users\Ewald Kaufmann\Desktop\Dropbox.lnk
2014-05-28 08:17 - 2013-02-12 22:15 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 16:39 - 2013-11-05 22:43 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 16:39 - 2013-11-05 22:43 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 21:14 - 2014-01-13 23:07 - 00000000 ____D () C:\Program Files\Biet-O-Matic
2014-05-24 21:28 - 2013-01-07 15:40 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Canon Easy-PhotoPrint EX
2014-05-24 14:00 - 2014-05-23 21:21 - 00002451 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-24 08:59 - 2009-10-10 20:03 - 00002005 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 21:22 - 2008-03-07 00:56 - 00000000 ____D () C:\Users\Ewald Kaufmann\AppData\Local\Adobe
2014-05-23 21:21 - 2011-06-24 13:40 - 00001932 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-23 21:21 - 2008-03-07 01:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 21:21 - 2007-10-10 13:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-23 21:21 - 2007-10-10 13:05 - 00000000 ____D () C:\Program Files\Adobe
2014-05-18 19:56 - 2014-05-18 19:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 19:15 - 2010-12-30 20:41 - 00058880 _____ () C:\Users\Ewald Kaufmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 15:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 08:31 - 2014-05-16 08:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 08:30 - 2013-07-16 07:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:23 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-14 16:45 - 2012-07-29 17:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 16:45 - 2011-10-14 07:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-30 22:00 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 22:00 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-30 22:00 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 14:20 - 2013-02-21 14:02 - 00002659 _____ () C:\Users\Ewald Kaufmann\Desktop\Microsoft PowerPoint 2010.lnk
2014-05-07 15:05 - 2008-10-03 11:10 - 00000103 _____ () C:\Users\Ewald Kaufmann\AppData\default.pls
2014-05-07 10:33 - 2012-12-23 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-05-07 10:32 - 2014-05-07 10:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-05-07 10:32 - 2013-04-18 10:20 - 00001805 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 10:32 - 2009-05-18 21:36 - 00000000 ____D () C:\Program Files\Garmin
2014-05-07 10:32 - 2008-08-06 09:03 - 00000000 ____D () C:\ProgramData\GARMIN
2014-05-07 10:32 - 2008-03-14 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-05-06 01:32 - 2014-05-16 08:17 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 08:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 08:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmro2k.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 14:12

==================== End Of Log ============================

--- --- ---

Addition,txt :

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014 01
Ran by Ewald Kaufmann at 2014-06-04 14:21:11
Running from C:\Users\Ewald Kaufmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 HomeNet-Client (HKLM\...\1&1 HomeNet-Client) (Version:  - )
3D Live Pool (HKLM\...\3D Live Pool_is1) (Version:  - Etiumsoft, Inc.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1568.4089 - ABBYY Software House)
Ace WINScreen 4.5 (HKLM\...\Ace WINScreen_is1) (Version: 4.5 - Caltrox Software Systems)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 4.0.110 - Abelssoft)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
AVM FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.2.1.0 - AVM Berlin)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
BMW TV Version 1.5.0 (HKLM\...\BMW TV_is1) (Version:  - BMW)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DDBAC (HKLM\...\{763231D7-2E4E-44D6-8FC2-6A0C7EDCE3B6}) (Version: 4.3.46 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Elevated Installer (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.3.2.1 (HKLM\...\FileZilla Client) (Version: 3.3.2.1 - )
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG)
Freemake Video Converter Version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin BaseCamp (HKLM\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe (Unicode) NT 2014.40 Update (HKLM\...\{D8E9584C-28A2-4C79-ABA6-68710DFF86F9}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2014.30 Update (HKLM\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{C7DD94A8-F775-426C-B56C-8E555A59F9E2}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{a2c69cba-542a-4a49-af31-b8a49349064d}) (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0806.10245 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
InfoTech-Service Freischalt-Center 2.3  (HKLM\...\InfoTech-Service Freischalt-Center) (Version: 2.3 - InfoTech-Service, Christian Rimsl)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel(R) PRO Network Connections 12.2.41.0 (HKLM\...\PROSetDX) (Version: 12.2.41.0 - Intel)
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0 - Intel) Hidden
Intel® Viiv™ Software (HKLM\...\Intel(R) Configuration Center) (Version: 1.7.512.0 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.7.512.0 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (HKLM\...\LetsTrade) (Version:  - )
Lexware Info Service (HKLM\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lexware online banking (HKLM\...\{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}) (Version: 8.00.00.0067 - Lexware GmbH & Co. KG)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2516 - CyberLink Corp.)
MakeitOne - MP3AlbumMaker (HKLM\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
MediaShow (HKLM\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.4325 - CyberLink Corporation)
MEDION Fotos auf CD Sued (HKLM\...\MEDION Fotos auf CD Sued D) (Version: 6.0.2.0 - MAGIX AG)
Medion Media Center 0 (HKLM\...\{23CE4550-F67C-4114-88DF-FE923BC13E7F}) (Version: 1.0.12.0 - Medion)
MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00050 - Medion)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 EasySplitter (Trial) (HKLM\...\MP3 EasySplitter (Trial)_is1) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}) (Version: 7.03.1152 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NimoFilm (HKLM\...\{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}) (Version: 1.9.21 - Mysher)
NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PC Fresh (HKLM\...\PC Fresh_is1) (Version: 2012 - Abelssoft GmbH)
PC SpeedScan Pro (Version: 7.1.1 - Ascentive) Hidden
Phoenix Service Software 2010.48.004.44602 (HKLM\...\Phoenix Service Software 2010.48.004.44602_is1) (Version:  - leopard Tech)
PHOTOfunSTUDIO 6.1 HD Lite Edition (HKLM\...\{7E653036-DE31-4BFD-96BB-421CC72E06FC}) (Version: 6.01.015 - Panasonic Corporation)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.0.4310 - CyberLink Corp.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209a - CyberLink Corp.)
PowerDirector (Version: 6.5.2209a - CyberLink Corp.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.2.2504 - CyberLink Corp.)
Quicken 2010 - Servicepack 5 (HKLM\...\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}) (Version: 17.05.0000 - Lexware GmbH & Co KG)
Quicken 2010 (HKLM\...\InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}) (Version: 17.00.00.0081 - Lexware GmbH & Co. KG)
Quicken 2010 (Version: 17.00.00.0081 - Lexware GmbH & Co. KG) Hidden
Quicken Import Export Server 2010 (HKLM\...\{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}) (Version: 17.00.00.0048 - Lexware GmbH & Co. KG)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5512 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rechenbüro Professionell 2004 2.416  (HKLM\...\Rechenbüro Professionell 2004) (Version: 2.416 - InfoTech-Service, Christian Rimsl)
Remote Wonder Series Driver and Control Panel (HKLM\...\X10Hardware) (Version:  - )
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SILKYPIX Developer Studio 3.0 SE (HKLM\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden
SimpleScreenshot 1.40 (HKLM\...\SimpleScreenshot) (Version:  - )
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000004}) (Version: 8.1.0 - Adobe Systems)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Super LoiLoScope WebShortcut (HKLM\...\{AC589470-884E-4E15-96D8-437780F8185D}) (Version: 1.0.0 - LoiLo)
TAXMAN 2007 (Version: 13.00 - Lexware) Hidden
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 5.125.0 - )
TextBridge Pro 8.0 (HKLM\...\TextBridge Pro 8.0) (Version:  - )
TopStyle Lite (Version 3.0) (HKLM\...\TopStyle Lite (Version 3.0)) (Version: 3.1.0 - Bradbury Software, LLC)
TubeBox (HKLM\...\{60597b3f-d714-4f4e-8094-be088a31ff25}) (Version: 4.1.1.0 - Freetec)
TubeBox (Version: 4.1.1.0 - Freetec) Hidden
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 1.0.4916 - CyberLink Corp.)
TVsweeper 3 (HKLM\...\{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}) (Version: 3.0.3 - Sonavis)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinGDB3 3.70  (HKLM\...\WinGDB3) (Version: 3.70  - Asyver)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wise Registry Cleaner 7.91 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.91 - WiseCleaner.com, Inc.)
WISO Mein Geld 2009 Professional (HKLM\...\{44061C54-0775-4AE1-B433-79BCC6431817}) (Version: 10.00.0047 - Buhl Data Service GmbH)

==================== Restore Points  =========================

29-04-2014 06:17:06 Windows Update
04-05-2014 06:24:32 Windows Update
07-05-2014 08:27:58 Garmin Express
07-05-2014 08:32:51 Garmin Express
16-05-2014 06:09:29 Windows Update
23-05-2014 19:12:41 Removed Adobe Reader X (10.1.10) - Deutsch.
03-06-2014 06:00:08 Removed Avira SearchFree Toolbar

==================== Hosts content: ==========================

2006-11-02 12:23 - 2009-03-17 19:10 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {09DA815D-5102-4DA5-B1BE-006C5B6A5FC4} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5076BB9A-3214-4E69-B884-54106A162A33} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ewald Kaufmann => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {577994AF-79CC-43B9-853F-86A19155E0D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8595EFC3-7FBB-475F-BDFA-E25C7EE8C725} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8B7560C0-381D-48E2-BFFE-AAF63897E89E} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-23] ()
Task: {8FEAB0EC-2724-4D8F-9DEB-D5BD0AAAD80B} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: {965F8B8C-26CE-447D-8495-818783F20C8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DC98D58-5FB0-40CB-8139-D52796C6580A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A951737B-1111-423B-84AD-448897E68818} - System32\Tasks\{741E324B-42E2-4875-9954-51C44AAB2EDD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1618
Task: {ABE2DFC5-E788-496C-9F3E-0F2D53D822AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {B0A79CC2-C6B6-4464-ACE3-FBABA6197949} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C9923C71-A490-4849-BDFD-D1AC37A055F0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {CE9C8633-288E-4FED-99B6-AB7EE5100D77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: {D45667F1-5FBE-470A-9312-5CC01B6ECAEB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2643817713-3400089558-1708297070-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D8956B27-58ED-4D7F-B210-F734D74D412A} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.3.1.22\SymErr.exe
Task: {E19412A5-24DC-4B5A-ACD6-325289FF9232} - System32\Tasks\{F93099C5-5AEE-4D14-9D9E-2C45A6A55ADA} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EDB64326-2C1B-453F-B54A-19DB547CFA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d43c6b102c0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643817713-3400089558-1708297070-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 12:54 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-21 20:19 - 2010-03-21 20:19 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-03-08 20:52 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-07 14:39 - 1998-12-14 12:06 - 00163328 _____ () C:\Program Files\Common Files\Xerox Shared\easytb32.dll
2008-03-07 14:39 - 1998-12-14 12:06 - 00034304 _____ () C:\Program Files\Common Files\Xerox Shared\VGFILE.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-02-12 11:46 - 2007-02-12 11:46 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2014-06-04 14:06 - 2014-06-04 14:06 - 00043008 _____ () C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmro2k.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Ewald Kaufmann\AppData\Roaming\Dropbox\bin\libcef.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b8ee2f1\mscorlib.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ecc31d15\system.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0dc2ac08\system.windows.forms.dll
2013-07-11 08:30 - 2013-07-11 08:30 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_fa78f23c\system.xml.dll
2007-10-15 16:38 - 2007-04-13 18:14 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll
2009-09-17 10:21 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-02-04 17:28 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-10-22 13:49 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00290909 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
2008-02-04 17:29 - 2007-10-19 18:42 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2008-02-04 17:30 - 2007-12-12 12:21 - 00245858 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00114779 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
2008-02-04 17:30 - 2007-10-19 18:42 - 00114780 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-02-04 17:30 - 2007-10-19 18:42 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2007-06-27 10:13 - 2007-06-27 10:13 - 00268504 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
2007-06-27 10:14 - 2007-06-27 10:14 - 00325848 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_mediaserver.dll
2007-06-27 10:13 - 2007-06-27 10:13 - 00563416 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_client.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00070872 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_mediaspace.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00219352 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_import.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00041176 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_aggregate.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00030424 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_sync.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00025304 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_tunisauth.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00104664 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_tunists.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00088280 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_upnp.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00026328 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_upnppower.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00065240 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\xmb_upnppower.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00027864 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_xrturi.dll
2007-06-27 10:14 - 2007-06-27 10:14 - 00252120 _____ () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\lib\mediaserver\mediaserver_zcardea.dll
2009-12-27 22:48 - 2004-05-26 00:06 - 00417792 _____ () C:\Windows\system32\ac3filter.ax
2009-10-06 09:16 - 2009-10-06 09:16 - 00077824 _____ () C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk => C:\Windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ewald Kaufmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCUTRAYICON => C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: InstantAccess => C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Remote Control Editor => "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TVEService => "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #9
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 11:51:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP02> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:51:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP02> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\REGRUNS01> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\REGRUNS0A> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\REGRUNORIC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:45:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP4900> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP3700> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:37:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP0201> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:37:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP0201> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/03/2014 11:37:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\COMBOFIX\TEMP0002> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/04/2014 02:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (06/04/2014 02:09:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (06/04/2014 02:07:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/04/2014 02:06:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (06/04/2014 02:06:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: X10 Device Network Service

Error: (06/04/2014 02:04:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/04/2014 02:04:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira Browser-Schutz%%1260

Error: (06/04/2014 02:02:48 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (06/04/2014 10:41:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (06/04/2014 10:41:24 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330


Microsoft Office Sessions:
=========================
Error: (06/03/2014 11:51:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP02

Error: (06/03/2014 11:51:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP02

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\REGRUNS01

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\REGRUNS0A

Error: (06/03/2014 11:51:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\REGRUNORIC

Error: (06/03/2014 11:45:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP4900

Error: (06/03/2014 11:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP3700

Error: (06/03/2014 11:37:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP0201

Error: (06/03/2014 11:37:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP0201

Error: (06/03/2014 11:37:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\COMBOFIX\TEMP0002


CodeIntegrity Errors:
===================================
  Date: 2014-06-04 14:21:00.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:21:00.376
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:21:00.142
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:59.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:59.643
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:59.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:59.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:58.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:58.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-04 14:20:58.255
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3069.45 MB
Available physical RAM: 1669.07 MB
Total Pagefile: 6349.77 MB
Available Pagefile: 4829.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.65 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:135.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:9.5 GB) FAT32
Drive f: () (Removable) (Total:14.83 GB) (Free:10.83 GB) FAT32
Drive j: (HD-PVU2) (Fixed) (Total:465.76 GB) (Free:309.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 466 GB) (Disk ID: E8814535)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Machiavelli · 04.06.2014, 14:41

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\All Users\IhijUshe.dat
C:\ProgramData\IhijUshe.dat
C:\Users\Ewald Kaufmann\AppData\Local\Downloaded Installations\{FB20D3A1-7281-4136-BE99-10838BAE8B18}
C:\Users\Ewald Kaufmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1fbc2305-6156967d
C:\Users\Ewald Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\0u2s3apf.default\prefs.js.bak
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VINL9I3
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQ5PXKA4
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT6P9KWF
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG5V8NTX
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2643817713-3400089558-1708297070-1004\...\Run: [IhijUshe] => regsvr32.exe "C:\ProgramData\IhijUshe.dat"
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2014-05-29 21:43 - 2013-05-06 14:47 - 00000000 ____D () C:\Users\Ewald 
Folder: Kaufmann\_TEMP
Folder: C:\Users\Public\Öffentliche TEMP
C:\Users\Ewald Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmro2k.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Danach,

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

AntiVir - Dieses Programm wurde duch eine Gruppenrichtlinie geblockt.

Log-Analyse und Auswertung: AntiVir - Dieses Programm wurde duch eine Gruppenrichtlinie geblockt.