Log analysis and evaluation: Download Protect in Firefox cannot be permanently removed - Windows 8.1
09.06.2014, 14:50 | #1

Download Protect in Firefox cannot be permanently removed - Windows 8.1

Hello Trojaner-Board team, I am new here and also not very well versed in the PC world, so please bear with me if everything is not perfect right away. Today I discovered that I have picked up this nasty add-on, no idea how. And at the same time I came across your helpful board; evidently there is no single solution here that fits everything, but rather every problem is different. I created the log files as requested; only with GMER am I unsure, because I do not have a dedicated virus scanner but, as far as I can tell, use the one from Windows 8. I would therefore appreciate advice on how I can switch it off if necessary. I will then supply the GMER log afterwards. Many thanks in advance and greetings from the Ruhrpott, Ruhrnobi

Here is the FRST file:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 01 Ran by Norbert Haag (administrator) on NORBERTHAAG-HP on 09-06-2014 15:21:07 Running from C:\Users\Norbert Haag\Downloads Platform: Windows 8.1 Pro with Media Center (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\Nlsdl64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Windows\System32\DlProtectSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE () C:\Program Files (x86)\Medion AG\NSU\NSU.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe () C:\ProgramData\dlprotect.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [EPSON Stylus DX4200] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIAEE.EXE [98304 2005-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-31] (IDT, Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-20] (Synaptics Incorporated) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2013-06-01] (Intel Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-28] (Memeo Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2013-11-05] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe Version Cue CS2] => C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-05-14] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [NSU] => C:\Program Files (x86)\Medion AG\NSU\NSU.exe [1789440 2011-10-20] () HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.) 
HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.4.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung) Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - DefaultScope {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: McAfee SiteAdvisor BHO - 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461 FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Norbert Haag\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! 
=> C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF HKLM-x32\...\Firefox\Extensions: [{BE274E68-3CF3-453A-8286-C08508EE8238}] - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] 
(ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) R2 DivXDodecVersionChecker; C:\WINDOWS\system32\Nlsdl64.exe [120832 2014-05-14] () R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [124928 2014-05-14] () S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-25] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-05] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-05] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-05] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-05] (Microsoft Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-04-24] (StdLib) U3 idsvc; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-09 15:21 - 2014-06-09 15:21 - 00030259 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-09 15:20 - 2014-06-09 15:21 - 00000000 ____D () C:\FRST 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-05-07 
15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-06-02 16:48 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-06-02 16:48 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-06-02 16:48 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-06-02 16:47 - 2014-06-02 16:48 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:56 - 2014-05-26 21:57 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:09 - 2014-05-26 19:25 - 00000000 ____D () C:\AdwCleaner 2014-05-26 19:08 - 2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () 
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:20 - 2014-05-26 12:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-20 08:41 - 2014-06-07 17:46 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-05-17 16:41 - 2014-05-17 16:51 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:21 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 21:21 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 13:06 - 2014-04-24 12:33 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys 2014-05-14 11:40 - 2014-05-17 16:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-05-14 
11:35 - 2014-05-14 11:35 - 00000000 ____D () C:\Program Files (x86)\PlusSHD-9.9 2014-05-14 11:32 - 2014-05-14 11:32 - 00468104 _____ () C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe 2014-05-14 08:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 08:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 08:02 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 08:02 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 08:02 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 08:02 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 08:02 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 08:02 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 08:02 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 08:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 08:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 08:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 08:01 - 
2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 08:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 08:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 08:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 08:01 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 08:01 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 08:01 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 08:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 08:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 08:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 08:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 08:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 07:59 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 07:59 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:50 - 2014-05-13 23:51 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:52 - 2014-05-13 23:57 - 00000000 
____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 21:44 - 2014-05-13 21:45 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 20:04 - 2014-05-13 20:04 - 03469871 _____ (LIGHTNING UK!) C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe 2014-05-13 19:47 - 2014-06-07 17:13 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-05-13 18:48 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-06-09 15:21 - 2014-06-09 15:21 - 00030259 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-09 15:21 - 2014-06-09 15:20 - 00000000 ____D () C:\FRST 2014-06-09 15:21 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Temp 2014-06-09 15:20 - 2012-11-29 18:23 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Skype 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 
_____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:18 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 15:07 - 2013-02-05 23:02 - 00000000 ____D () C:\Users\Norbert Haag\Documents\Outlook-Dateien 2014-06-09 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-09 14:49 - 2013-10-10 22:18 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-09 14:40 - 2013-11-05 13:17 - 01197751 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-09 14:28 - 2013-01-05 16:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-09 14:23 - 2013-09-30 06:14 - 02076070 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-09 14:23 - 2013-09-30 05:58 - 00882614 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-09 14:23 - 2013-09-30 05:58 - 00202666 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-09 14:22 - 2013-12-18 11:28 - 00000000 __RDO () C:\Users\Norbert Haag\SkyDrive 2014-06-09 14:21 - 2014-05-03 09:07 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\DropboxMaster 2014-06-09 14:21 - 2013-10-10 22:18 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-09 14:21 - 2013-03-01 16:54 - 00000000 ___RD () C:\Users\Norbert Haag\Dropbox 2014-06-09 14:21 - 2013-03-01 16:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Dropbox 2014-06-09 14:21 - 2012-12-09 15:58 - 00000000 ____D () C:\Users\Norbert Haag\NSU 2014-06-09 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-09 14:19 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-09 14:19 - 2012-04-16 05:16 - 00000000 ____D () C:\ProgramData\PDFC 2014-06-09 14:18 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-09 
12:25 - 2013-02-07 14:00 - 00000000 ____D () C:\Users\Norbert Haag\Documents\WISO Mein Geld 2014-06-08 21:00 - 2012-11-29 12:52 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C158A91F-5486-490B-9002-3EA32ED42ED0} 2014-06-08 20:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-06-07 17:47 - 2014-02-27 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-07 17:47 - 2012-06-29 17:06 - 00000000 ____D () C:\ProgramData\Skype 2014-06-07 17:46 - 2014-05-20 08:41 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-06-07 17:44 - 2013-09-29 21:05 - 00016498 _____ () C:\WINDOWS\PFRO.log 2014-06-07 17:44 - 2013-02-02 16:40 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-07 17:44 - 2012-12-09 13:29 - 00000390 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job 2014-06-07 17:13 - 2014-05-13 19:47 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-06-06 18:19 - 2013-02-07 12:39 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Persönlich 2014-06-06 15:44 - 2013-08-22 16:46 - 00331948 _____ () C:\WINDOWS\setupact.log 2014-06-06 12:23 - 2012-12-09 13:29 - 00003218 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForNorbert Haag 2014-06-06 12:23 - 2012-11-29 18:32 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-06-06 12:22 - 2013-02-15 13:50 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-06-03 19:37 - 2013-10-09 13:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\vlc 2014-06-02 17:30 - 2012-12-30 17:22 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2157886841-597143831-284766362-1002 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-06-02 16:47 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-02 16:48 - 2014-01-08 11:16 - 00000000 ____D () C:\Program Files 
(x86)\Java 2014-06-02 16:48 - 2013-10-16 22:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-30 14:15 - 2013-10-05 23:23 - 00007680 _____ () C:\Users\Norbert Haag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-30 13:43 - 2014-02-05 12:24 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Transfer auf NAS 2014-05-30 13:43 - 2013-07-05 17:37 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Programme 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-30 07:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-30 07:37 - 2013-04-11 13:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-29 17:55 - 2013-04-05 12:23 - 00000000 ____D () C:\ProgramData\AAV 2014-05-29 13:49 - 2012-11-29 12:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\PDFC 2014-05-29 12:34 - 2013-05-22 12:48 - 00000718 _____ () C:\Users\Norbert Haag\Documents\OuProxy.log 2014-05-29 09:02 - 2014-04-29 11:23 - 00002221 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-26 22:16 - 2014-05-13 18:48 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:57 - 2014-05-26 21:56 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:25 - 2014-05-26 19:09 - 00000000 ____D () C:\AdwCleaner 2014-05-26 19:08 - 
2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 16:58 - 2013-08-22 16:44 - 00470984 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 14:13 - 2013-03-16 17:12 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Sony Corporation 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:21 - 2014-05-26 12:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 12:21 - 2013-05-21 12:48 - 00000000 ____D () C:\ProgramData\Apple 2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 22:49 - 2013-03-01 16:52 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 22:49 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-18 18:59 - 2013-04-27 11:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 
2014-05-17 16:51 - 2014-05-17 16:41 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-17 16:40 - 2014-05-14 11:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-17 16:16 - 2014-04-11 19:08 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\2014 Renovierung 2014-05-16 06:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:26 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-05-14 11:35 - 2014-05-14 11:35 - 00000000 ____D () C:\Program Files (x86)\PlusSHD-9.9 2014-05-14 11:32 - 2014-05-14 11:32 - 00468104 _____ () 
C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe 2014-05-14 09:31 - 2013-01-30 20:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 09:30 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 09:23 - 2013-07-13 21:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 09:19 - 2012-12-02 13:50 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:57 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:50 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:17 - 2012-11-29 18:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-13 21:45 - 2014-05-13 21:44 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:28 - 2013-01-05 16:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert 
Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 20:04 - 2014-05-13 20:04 - 03469871 _____ (LIGHTNING UK!) C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe 2014-05-13 18:35 - 2013-07-26 13:07 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\Cyberlink 2014-05-13 18:25 - 2012-04-16 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-13 18:24 - 2012-12-31 12:19 - 00000000 ____D () C:\ProgramData\Temp 2014-05-13 18:21 - 2012-12-31 12:22 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-12 19:00 - 2014-03-20 13:32 - 00000000 ___RD () C:\Users\Norbert Haag\Desktop\2014 Reisen 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 13:44 - 2013-10-10 22:18 - 00004124 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 13:44 - 2013-10-10 22:18 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgng30i.dll C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\Quarantine.exe C:\Users\Norbert Haag\AppData\Local\Temp\sp64126.exe C:\Users\Norbert 
Haag\AppData\Local\Temp\tmp57AC.exe C:\Users\Norbert Haag\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Norbert Haag\AppData\Local\Temp\unrar.dll C:\Users\Norbert Haag\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-07 05:02 ==================== End Of Log ============================ Therefore attached as text. |
09.06.2014, 15:58 | #2 |
/// the machine /// TB instructor | Download Protect in Firefox cannot be permanently removed - Windows 8.1 Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
09.06.2014, 16:27 | #3 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Hello Schrauber,
Understood, I am attaching the Addition log here: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 01 Ran by Norbert Haag at 2014-06-09 15:22:03 Running from C:\Users\Norbert Haag\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version: - Fabio Martin) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) 
Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{45324571-83B7-307A-6114-DAE65A50DC8E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.70329.2315 - Advanced Micro Devices, Inc.) Hidden AmoK Exif Sorter 2.5.6 (nur deinstallieren) (HKLM-x32\...\AmoKExifSorter2) (Version: - ) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.38 - ArcSoft)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Benutzerhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Useg) (Version: - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
comdirect BörsenTicker (HKLM-x32\...\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1) (Version: 1.0.2 - comdirect Bank AG)
comdirect BörsenTicker (x32 Version: 1.0.2 - comdirect Bank AG) Hidden
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4131_47226 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (x32 Version: 6.7.4131_47226 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.3207 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.3625 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3625 - Ihr Firmenname) Hidden
CyberLink PowerDirector Express (HKLM-x32\...\InstallShield_{EDE721EC-870A-11D8-9D75-000129760D75}) (Version: 6.5.4515 - CyberLink Corp.)
CyberLink PowerDirector Express (x32 Version: 6.5.4515 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2415 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2415 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version: - Download Protect)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON BX630FW Series Printer Uninstall (HKLM\...\EPSON BX630FW Series) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
FUJIFILM MyFinePix Studio 4.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - )
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2013.02.01 - www.hardcopy.de)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPISDataManager (HKLM-x32\...\{A682ACFC-C295-44F9-B745-6656B3272E7D}) (Version: 1.0.0.27 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
ImageMixer 3 SE Ver.4 Transfer Utility (HKLM-x32\...\{CAE4E520-4695-4A96-8661-B62FA5FB669E}) (Version: 3.03.005 - PIXELA)
ImageMixer 3 SE Ver.4 Video Tools (HKLM-x32\...\{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}) (Version: 3.03.009 - PIXELA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.6.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
ISO Workshop 5.3 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.3 - MAGIX AG)
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Fotos auf CD & DVD 8 deluxe 8.0.0.14 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 8 deluxe D) (Version: 8.0.0.14 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.25.0 - MAGIX AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Music Transfer Utility Ver.1 (HKLM-x32\...\{9E520B22-546E-4AD3-8958-7D1EB8587AB1}) (Version: 1.00.005 - PIXELA)
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
Netzwerkhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Netg) (Version: - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc)
Picture Collage Maker 3.3.7 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) (Version: 3.3.7 - PearlMountain Technology Co., Ltd)
PlusSHD-9.9 (HKLM-x32\...\PlusSHD-9.9) (Version: 1.34.5.12 - PlusSHDD)
PowerDirector (Version: 11.0 - Ihr Firmenname) Hidden
Protegere (HKLM-x32\...\Protegere) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Reader for PC (HKLM-x32\...\{8A3072C3-8EA3-4CDE-B342-88E67FAB06E5}) (Version: 2.3.00.03130 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.10.89 - Akademische Arbeitsgemeinschaft)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 4.0 (HKLM-x32\...\TraXEx_is1) (Version: 4.0.4.0 - Alexander Miehlke Softwareentwicklung)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Standard (HKLM-x32\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden

==================== Restore Points =========================

21-05-2014 07:25:03 Geplanter Prüfpunkt
26-05-2014 12:11:38 Installed Reader for PC.
02-06-2014 14:47:06 Installed Java 7 Update 60

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10D61BE7-FEA1-4A2A-858F-EE23CE3312D7} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-3 No Task File <==== ATTENTION
Task: {1BA1AC96-1139-4FC4-90DE-72FE170A6755} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28163569-7842-4623-9AD8-90C46A89C148} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {29485FA1-1B63-4ABD-9D3B-6F63303F462E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49B092D1-E41C-4E9E-A6C1-A4B9A45500DA} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4A059E0A-03D4-4FBB-A424-D517B85E2C50} - \EPUpdater No Task File <==== ATTENTION
Task: {4AEBBE0E-0E14-4F56-A2AC-E095CC95200E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {50BC8A03-52B8-4B5C-BE0E-A87D51D1D1C6} - \PC Health Advisor Defrag No Task File <==== ATTENTION
Task: {538A3468-11D3-4D4B-8C5C-87353C6FE929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {58DAEEE9-BE54-4D80-84CD-F0DAC81E81F6} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {59AD864D-F0AE-4F78-AACF-596943A9948F} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-5 No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73512D35-5A7D-4A07-A61B-33BF551D70B3} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C3ACEED-3541-444E-853D-581F0AF83EE9} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-4 No Task File <==== ATTENTION
Task: {82D9D8A4-E3D4-4B2D-A827-ED4A0B681C71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {89E2F9E5-886F-4DFB-BC8D-B97B5B80E9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {92425016-98F9-414D-BAE1-C1740E99F378} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-2 No Task File <==== ATTENTION
Task: {98E1640F-5926-4CBE-B6BB-5B53187B8DFD} - \PC Health Advisor No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A25C4D46-DA8B-4372-9282-76EFB8E07835} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-05-31] (CyberLink)
Task: {A8E95D02-FAC6-4ECB-A781-E418FF201BF8} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-1 No Task File <==== ATTENTION
Task: {AE6E5732-B74E-427E-A1E3-5E2634A8FE3A} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2012-11-08] ()
Task: {B0B004F0-DA18-4D56-BE9F-BD26A5F31647} - System32\Tasks\HPCeeScheduleForNorbert Haag => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B306BE8F-77A1-455F-B62A-E58C41628D3A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D8D25A27-707E-4F5A-B274-1E7BC34670FE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA722C46-0374-4CE8-A4BA-432F4823449E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {DBE3B809-7F0F-44D6-9729-BDE8E9A6D45E} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {DC0BAF41-25A4-45B4-B679-6082674460DD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {DF323EF3-0934-4B81-97E4-DC2279BF9313} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECE551D1-BFF8-4352-ABB5-EA80357A1DCD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {FA6CCCF3-B402-4E29-AD4A-4FD423D1A997} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: {FF6548E0-A167-4EDF-833B-53BB63663808} - \BitGuard No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\Windows\System32\DlProtectSvc.exe
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-03-07 18:22 - 2009-02-16 16:02 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-07-26 13:25 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-02-16 13:03 - 2012-11-08 08:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2013-02-16 13:03 - 2012-07-30 10:28 - 00125504 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_x64.dll
2013-02-16 13:03 - 2012-11-08 08:39 - 00037440 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 12:30 - 2011-10-20 22:22 - 01789440 _____ () C:\Program Files (x86)\Medion AG\NSU\NSU.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-16 13:03 - 2012-07-05 15:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2013-02-16 13:03 - 2012-07-30 10:27 - 00116800 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_Win32.dll
2013-07-26 12:30 - 2011-07-01 11:46 - 00806912 _____ () C:\Program Files (x86)\Medion AG\NSU\LIBEAY32.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00337816 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-05-20 11:24 - 2008-09-18 22:14 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
2014-06-09 14:21 - 2014-06-09 14:21 - 00043008 _____ () C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgng30i.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Norbert
Haag\AppData\Roaming\Dropbox\bin\libcef.dll 2013-02-16 13:03 - 2013-01-28 08:15 - 02920952 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll 2014-04-27 20:36 - 2014-04-27 20:36 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7b676a821669300b7d99da8e03e8f110\PSIClient.ni.dll 2012-06-29 16:38 - 2013-10-25 17:12 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-11 11:09 - 2014-05-11 11:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\HPRDC.OS:$WIMMOUNTDATA AlternateDataStreams: C:\Users\Norbert Haag\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2014 02:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP.local. Error: (06/09/2014 02:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.49:5353 24 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP-2.local. 
Error: (06/09/2014 02:19:12 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (06/07/2014 05:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP.local. Error: (06/07/2014 05:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.49:5353 24 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP-2.local. Error: (06/07/2014 05:44:54 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 788860 Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 788860 Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/06/2014 06:03:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 29.0.1.5239, Zeitstempel: 0x5369959a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc0000374 Fehleroffset: 0x000df996 ID des fehlerhaften Prozesses: 0x113c Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Vollständiger Name des fehlerhaften Pakets: firefox.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5 System errors: ============= Error: (06/09/2014 02:19:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update raving reyven" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/08/2014 10:41:45 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/08/2014 10:12:24 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/08/2014 10:07:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/08/2014 
09:33:35 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/07/2014 06:33:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/07/2014 05:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update raving reyven" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/07/2014 05:29:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/07/2014 01:40:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (06/06/2014 10:40:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Microsoft Office Sessions: ========================= Error: (06/09/2014 02:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP.local. Error: (06/09/2014 02:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.49:5353 24 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP-2.local. Error: (06/09/2014 02:19:12 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (06/07/2014 05:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 22 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP.local. Error: (06/07/2014 05:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.49:5353 24 49.178.168.192.in-addr.arpa. PTR NorbertHaag-HP-2.local. 
Error: (06/07/2014 05:44:54 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 788860 Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 788860 Error: (06/07/2014 05:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/06/2014 06:03:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe29.0.1.52395369959antdll.dll6.3.9600.170315308893dc0000374000df996113c01cf81621cc9a111C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\WINDOWS\SYSTEM32\ntdll.dll243b7d4c-ed94-11e3-bee2-b4b52f737333 CodeIntegrity Errors: =================================== Date: 2014-06-08 09:31:55.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:53.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-06-06 10:36:52.972 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.910 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.742 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.631 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.461 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-06-04 11:11:22.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-03 16:37:20.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8075.59 MB Available physical RAM: 5846.96 MB Total Pagefile: 9355.59 MB Available Pagefile: 6924.82 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:675.29 GB) (Free:492.61 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.05 GB) (Free:3.24 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 4D8DCA1E) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=675 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================ |
09.06.2014, 17:06 | #4 |
/// the machine /// TB trainer | Download Protect in Firefox cannot be permanently removed - Windows 8.1 Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.06.2014, 14:49 | #5 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Hello schrauber, because of the storm in NRW my data is arriving late :-). MBAM file: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.06.2014 Suchlauf-Zeit: 14:59:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.10.04 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Norbert Haag Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 314601 Verstrichene Zeit: 16 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 Trojan.Downloader, C:\ProgramData\dlprotect.exe, 5528, Löschen bei Neustart, [d7f54e2895e666d07aebacdd38c9ab55] Module: 0 (No malicious items detected) Registrierungsschlüssel: 31 PUP.Optional.RavingReyven.A, HKU\S-1-5-21-2157886841-597143831-284766362-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0F866026-A8BB-42A7-987F-2F92715A8147}, In Quarantäne, [19b37cfae794a78fce2f8eadc43e2ed2], PUP.Optional.RavingReyven.A, HKU\S-1-5-21-2157886841-597143831-284766362-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F866026-A8BB-42A7-987F-2F92715A8147}, In Quarantäne, [19b37cfae794a78fce2f8eadc43e2ed2], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [cefed2a4a4d7ac8a3bd1fb79f2101fe1], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, 
[8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In 
Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12], PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [705c84f254270a2c1bf1aec67989e719], PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\PlusSHD-9.9, In Quarantäne, [0cc080f6de9d54e24809b0f4ee14cb35], PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [19b3591ded8eae888fc4e6bebb47837d], PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PlusSHD-9.9, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], Registrierungswerte: 1 Trojan.Downloader, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Download Protect, C:\ProgramData\dlprotect.exe, In Quarantäne, [d7f54e2895e666d07aebacdd38c9ab55] Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], Dateien: 19 Trojan.Downloader, C:\ProgramData\dlprotect.exe, Löschen bei Neustart, [d7f54e2895e666d07aebacdd38c9ab55], PUP.Optional.Breitschopp, C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe, In Quarantäne, [606c1c5af685f244978562f93acada26], PUP.Optional.OpenCandy, C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe, In Quarantäne, [ab21393d4e2d0e28e91a3f56d52f55ab], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-2.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-3.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-4.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-5.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\1293297481.mxaddon, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\360-52916.crx, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\52916.crx, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\52916.xpi, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\background.html, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files 
(x86)\PlusSHD-9.9\PlusSHD-9.9-bg.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-bho.dll, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-bho64.dll, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9.ico, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\Uninstall.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\utils.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010], Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
# AdwCleaner v3.212 - Bericht erstellt am 10/06/2014 um 15:29:21
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center (64 bits)
# Benutzername : Norbert Haag - NORBERTHAAG-HP
# Gestartet von : C:\Users\Norbert Haag\Downloads\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Norbert Haag\Documents\Updater
Datei Gelöscht : C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\prefs.js ]
*************************
AdwCleaner[R0].txt - [14192 octets] - [26/05/2014 19:09:36]
AdwCleaner[R1].txt - [14312 octets] - [26/05/2014 19:23:23]
AdwCleaner[R2].txt - [1368 octets] - [10/06/2014 15:27:46]
AdwCleaner[S0].txt - [338 octets] - [26/05/2014 19:10:30]
AdwCleaner[S1].txt - [12267 octets] - [26/05/2014 19:24:58]
AdwCleaner[S2].txt - [1289 octets] - [10/06/2014 15:29:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1349 octets] ##########
Here is the JRT file: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Norbert Haag on 10.06.2014 at 15:35:06,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2157886841-597143831-284766362-1002\Software\sweetim
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.06.2014 at 15:40:13,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
10.06.2014, 15:04 | #6 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Here are the FRST logs as well: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 01 Ran by Norbert Haag (administrator) on NORBERTHAAG-HP on 10-06-2014 15:49:09 Running from C:\Users\Norbert Haag\Downloads Platform: Windows 8.1 Pro with Media Center (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\Nlsdl64.exe () C:\Windows\System32\DlProtectSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE () C:\Program Files (x86)\Medion AG\NSU\NSU.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [EPSON Stylus DX4200] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIAEE.EXE [98304 2005-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-31] (IDT, Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-20] (Synaptics Incorporated) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2013-06-01] (Intel Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-28] (Memeo Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2013-11-05] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe Version Cue CS2] => C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [NSU] => C:\Program Files (x86)\Medion AG\NSU\NSU.exe [1789440 2011-10-20] () HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.) 
HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.4.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung) Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461 FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Norbert Haag\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF HKLM-x32\...\Firefox\Extensions: [{BE274E68-3CF3-453A-8286-C08508EE8238}] - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection 
Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) R2 DivXDodecVersionChecker; C:\WINDOWS\system32\Nlsdl64.exe [120832 2014-05-14] () R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [124928 2014-05-14] () S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-25] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-05] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-05] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-05] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-05] (Microsoft Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-04-24] (StdLib) U3 idsvc; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 15:40 - 2014-06-10 15:40 - 00000831 _____ () C:\Users\Norbert Haag\Desktop\JRT.txt 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-10 15:34 - 2014-06-10 15:34 - 01016261 _____ (Thisisu) C:\Users\Norbert Haag\Downloads\JRT.exe 2014-06-10 15:24 - 2014-06-10 15:24 - 01333465 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.212.exe 2014-06-10 15:24 - 2014-06-10 15:24 - 00009060 _____ () C:\Users\Norbert Haag\Desktop\mbam.txt 2014-06-10 14:57 - 2014-06-10 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-10 14:57 - 2014-06-10 14:57 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ 
Malwarebytes Anti-Malware 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 14:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-10 14:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-06-10 14:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-10 14:56 - 2014-06-10 14:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norbert Haag\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-09 15:22 - 2014-06-09 15:22 - 00062463 _____ () C:\Users\Norbert Haag\Downloads\Addition.txt 2014-06-09 15:21 - 2014-06-10 15:49 - 00029991 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-09 15:20 - 2014-06-10 15:49 - 00000000 ____D () C:\FRST 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-06-02 16:48 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-06-02 16:48 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-06-02 16:48 - 2014-05-07 14:58 - 00175528 _____ 
(Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-06-02 16:47 - 2014-06-02 16:48 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:56 - 2014-05-26 21:57 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:09 - 2014-06-10 15:29 - 00000000 ____D () C:\AdwCleaner 2014-05-26 19:08 - 2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:20 - 2014-05-26 12:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-20 08:41 - 2014-06-07 17:46 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-05-17 16:41 - 2014-05-17 16:51 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:21 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 21:21 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 13:06 - 2014-04-24 12:33 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys 2014-05-14 11:40 - 2014-05-17 16:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 08:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 08:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 
08:02 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 08:02 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 08:02 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 08:02 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 08:02 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 08:02 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 08:02 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 08:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 08:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 08:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 08:01 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 08:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 08:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 08:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 08:01 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 08:01 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 08:01 - 
2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 08:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 08:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 08:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 08:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 08:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 07:59 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 07:59 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:50 - 2014-05-13 23:51 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:52 - 2014-05-13 23:57 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 21:44 - 2014-05-13 21:45 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 
20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 19:47 - 2014-06-07 17:13 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-05-13 18:48 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-06-10 15:49 - 2014-06-09 15:21 - 00029991 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-10 15:49 - 2014-06-09 15:20 - 00000000 ____D () C:\FRST 2014-06-10 15:49 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Temp 2014-06-10 15:49 - 2013-10-10 22:18 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-10 15:45 - 2013-11-05 13:17 - 01319483 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-10 15:42 - 2012-12-30 17:22 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2157886841-597143831-284766362-1002 2014-06-10 15:40 - 2014-06-10 15:40 - 00000831 _____ () C:\Users\Norbert Haag\Desktop\JRT.txt 2014-06-10 15:37 - 2013-09-30 06:14 - 02076070 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-10 15:37 - 2013-09-30 05:58 - 00882614 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-10 15:37 - 2013-09-30 05:58 - 00202666 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-06-10 15:34 - 2014-06-10 15:34 - 01016261 _____ (Thisisu) C:\Users\Norbert Haag\Downloads\JRT.exe 2014-06-10 15:32 - 2014-05-03 09:07 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\DropboxMaster 2014-06-10 15:32 - 2013-03-01 16:54 - 00000000 ___RD () C:\Users\Norbert Haag\Dropbox 2014-06-10 15:32 - 2013-03-01 16:51 - 00000000 
____D () C:\Users\Norbert Haag\AppData\Roaming\Dropbox 2014-06-10 15:32 - 2012-11-29 18:23 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Skype 2014-06-10 15:31 - 2013-12-18 11:28 - 00000000 __RDO () C:\Users\Norbert Haag\SkyDrive 2014-06-10 15:31 - 2013-10-10 22:18 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-10 15:31 - 2012-12-09 15:58 - 00000000 ____D () C:\Users\Norbert Haag\NSU 2014-06-10 15:31 - 2012-04-16 05:16 - 00000000 ____D () C:\ProgramData\PDFC 2014-06-10 15:30 - 2013-09-29 21:05 - 00022192 _____ () C:\WINDOWS\PFRO.log 2014-06-10 15:30 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-10 15:30 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-06-10 15:29 - 2014-05-26 19:09 - 00000000 ____D () C:\AdwCleaner 2014-06-10 15:29 - 2013-02-05 23:02 - 00000000 ____D () C:\Users\Norbert Haag\Documents\Outlook-Dateien 2014-06-10 15:28 - 2013-01-05 16:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-10 15:24 - 2014-06-10 15:24 - 01333465 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.212.exe 2014-06-10 15:24 - 2014-06-10 15:24 - 00009060 _____ () C:\Users\Norbert Haag\Desktop\mbam.txt 2014-06-10 15:21 - 2014-06-10 14:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-10 15:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-10 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-10 14:57 - 2014-06-10 14:57 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 14:56 - 2014-06-10 14:56 - 
17292760 _____ (Malwarebytes Corporation ) C:\Users\Norbert Haag\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 07:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-06-09 23:32 - 2012-11-29 12:52 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C158A91F-5486-490B-9002-3EA32ED42ED0} 2014-06-09 23:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-06-09 15:55 - 2013-02-07 12:39 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Persönlich 2014-06-09 15:22 - 2014-06-09 15:22 - 00062463 _____ () C:\Users\Norbert Haag\Downloads\Addition.txt 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:18 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-09 12:25 - 2013-02-07 14:00 - 00000000 ____D () C:\Users\Norbert Haag\Documents\WISO Mein Geld 2014-06-07 17:47 - 2014-02-27 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-07 17:47 - 2012-06-29 17:06 - 00000000 ____D () C:\ProgramData\Skype 2014-06-07 17:46 - 2014-05-20 08:41 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-06-07 17:44 - 2013-02-02 16:40 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-07 17:44 - 2012-12-09 13:29 - 00000390 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job 2014-06-07 17:13 - 2014-05-13 19:47 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-06-06 15:44 - 2013-08-22 16:46 - 00331948 _____ () C:\WINDOWS\setupact.log 2014-06-06 12:23 - 2012-12-09 
13:29 - 00003218 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForNorbert Haag 2014-06-06 12:23 - 2012-11-29 18:32 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-06-06 12:22 - 2013-02-15 13:50 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-06-03 19:37 - 2013-10-09 13:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\vlc 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-06-02 16:47 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-02 16:48 - 2014-01-08 11:16 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-02 16:48 - 2013-10-16 22:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-30 14:15 - 2013-10-05 23:23 - 00007680 _____ () C:\Users\Norbert Haag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-30 13:43 - 2014-02-05 12:24 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Transfer auf NAS 2014-05-30 13:43 - 2013-07-05 17:37 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Programme 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-30 07:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-30 07:37 - 2013-04-11 13:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-29 17:55 - 2013-04-05 12:23 - 00000000 ____D () C:\ProgramData\AAV 2014-05-29 13:49 - 2012-11-29 12:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\PDFC 2014-05-29 12:34 - 2013-05-22 12:48 - 00000718 _____ () C:\Users\Norbert Haag\Documents\OuProxy.log 2014-05-29 09:02 - 2014-04-29 11:23 - 00002221 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-26 22:16 - 2014-05-13 18:48 - 00000000 ____D () C:\Users\Norbert 
Haag\AppData\Roaming\dvdcss 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:57 - 2014-05-26 21:56 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:08 - 2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 16:58 - 2013-08-22 16:44 - 00470984 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 14:13 - 2013-03-16 17:12 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Sony Corporation 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:21 - 2014-05-26 12:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 12:21 - 2013-05-21 12:48 - 00000000 ____D () C:\ProgramData\Apple 2014-05-26 08:53 - 
2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 22:49 - 2013-03-01 16:52 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 22:49 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-18 18:59 - 2013-04-27 11:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-17 16:51 - 2014-05-17 16:41 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-17 16:40 - 2014-05-14 11:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-17 16:16 - 2014-04-11 19:08 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\2014 Renovierung 2014-05-16 06:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:26 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 
2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 09:31 - 2013-01-30 20:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 09:30 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 09:23 - 2013-07-13 21:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 09:19 - 2012-12-02 13:50 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:57 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:50 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:17 - 2012-11-29 18:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-13 
21:45 - 2014-05-13 21:44 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:28 - 2013-01-05 16:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 18:35 - 2013-07-26 13:07 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\Cyberlink 2014-05-13 18:25 - 2012-04-16 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-13 18:24 - 2012-12-31 12:19 - 00000000 ____D () C:\ProgramData\Temp 2014-05-13 18:21 - 2012-12-31 12:22 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-12 19:00 - 2014-03-20 13:32 - 00000000 ___RD () C:\Users\Norbert Haag\Desktop\2014 Reisen 2014-05-12 07:26 - 2014-06-10 14:57 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-10 14:57 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-10 14:57 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifxzpu.dll C:\Users\Norbert 
Haag\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Norbert Haag\AppData\Local\Temp\Quarantine.exe
C:\Users\Norbert Haag\AppData\Local\Temp\sp64126.exe
C:\Users\Norbert Haag\AppData\Local\Temp\tmp57AC.exe
C:\Users\Norbert Haag\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Norbert Haag\AppData\Local\Temp\unrar.dll
C:\Users\Norbert Haag\AppData\Local\Temp\vlc-2.1.4-win64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-07 05:02
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
and the FRST addition log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 01
Ran by Norbert Haag at 2014-06-10 15:49:48
Running from C:\Users\Norbert Haag\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version: - Fabio Martin)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.)
Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{45324571-83B7-307A-6114-DAE65A50DC8E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.70329.2315 - Advanced Micro Devices, Inc.) Hidden AmoK Exif Sorter 2.5.6 (nur deinstallieren) (HKLM-x32\...\AmoKExifSorter2) (Version: - ) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft) ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.38 - ArcSoft) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Benutzerhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Useg) (Version: - ) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Finnish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) 
Hidden ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) comdirect BörsenTicker (HKLM-x32\...\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1) (Version: 1.0.2 - comdirect Bank AG) comdirect BörsenTicker (x32 Version: 1.0.2 - comdirect Bank AG) Hidden CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4131_47226 - CyberLink Corp.) CyberLink MediaEspresso 6.7 (x32 Version: 6.7.4131_47226 - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.3.3207 - CyberLink Corp.) Hidden CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.3625 - CyberLink Corp.) CyberLink PowerDirector 11 (Version: 11.0.0.3625 - Ihr Firmenname) Hidden CyberLink PowerDirector Express (HKLM-x32\...\InstallShield_{EDE721EC-870A-11D8-9D75-000129760D75}) (Version: 6.5.4515 - CyberLink Corp.) CyberLink PowerDirector Express (x32 Version: 6.5.4515 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2415 - CyberLink Corp.) CyberLink PowerProducer (x32 Version: 5.0.2.2415 - CyberLink Corp.) Hidden CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.) CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.) 
Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.) Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version: - Download Protect) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) EPSON BX630FW Series Printer Uninstall (HKLM\...\EPSON BX630FW Series) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.) 
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG) FUJIFILM MyFinePix Studio 4.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - ) Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM-x32\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries) Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) 
Hidden Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2013.02.01 - www.hardcopy.de) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company) HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix) HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company) HP Wallpaper 
(HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) HPISDataManager (HKLM-x32\...\{A682ACFC-C295-44F9-B745-6656B3272E7D}) (Version: 1.0.0.27 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) ImageMixer 3 SE Ver.4 Transfer Utility (HKLM-x32\...\{CAE4E520-4695-4A96-8661-B62FA5FB669E}) (Version: 3.03.005 - PIXELA) ImageMixer 3 SE Ver.4 Video Tools (HKLM-x32\...\{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}) (Version: 3.03.009 - PIXELA) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.6.1002 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) ISO Workshop 5.3 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic) iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) 
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.3 - MAGIX AG) MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG) MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG) MAGIX Fotos auf CD & DVD 8 deluxe 8.0.0.14 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 8 deluxe D) (Version: 8.0.0.14 - MAGIX AG) MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG) MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.25.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.) 
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Music Transfer Utility Ver.1 (HKLM-x32\...\{9E520B22-546E-4AD3-8958-7D1EB8587AB1}) (Version: 1.00.005 - PIXELA) MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom) Netzwerkhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Netg) (Version: - ) Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue) NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc) Picture Collage Maker 3.3.7 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) 
(Version: 3.3.7 - PearlMountain Technology Co., Ltd) PowerDirector (Version: 11.0 - Ihr Firmenname) Hidden Protegere (HKLM-x32\...\Protegere) (Version: - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Reader for PC (HKLM-x32\...\{8A3072C3-8EA3-4CDE-B342-88E67FAB06E5}) (Version: 2.3.00.03130 - Sony Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.10.89 - Akademische Arbeitsgemeinschaft) Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TraXEx 4.0 (HKLM-x32\...\TraXEx_is1) (Version: 4.0.4.0 - Alexander Miehlke Softwareentwicklung) UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - ) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit 
Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. ) WISO Mein Geld 2014 Standard (HKLM-x32\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden ==================== Restore Points ========================= 21-05-2014 07:25:03 Geplanter Prüfpunkt 26-05-2014 12:11:38 Installed Reader for PC. 
02-06-2014 14:47:06 Installed Java 7 Update 60 ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {10D61BE7-FEA1-4A2A-858F-EE23CE3312D7} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-3 No Task File <==== ATTENTION Task: {1BA1AC96-1139-4FC4-90DE-72FE170A6755} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {28163569-7842-4623-9AD8-90C46A89C148} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {29485FA1-1B63-4ABD-9D3B-6F63303F462E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.) 
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {49B092D1-E41C-4E9E-A6C1-A4B9A45500DA} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {4A059E0A-03D4-4FBB-A424-D517B85E2C50} - \EPUpdater No Task File <==== ATTENTION Task: {4AEBBE0E-0E14-4F56-A2AC-E095CC95200E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {50BC8A03-52B8-4B5C-BE0E-A87D51D1D1C6} - \PC Health Advisor Defrag No Task File <==== ATTENTION Task: {538A3468-11D3-4D4B-8C5C-87353C6FE929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {58DAEEE9-BE54-4D80-84CD-F0DAC81E81F6} - \ParetoLogic Registration3 No Task File <==== ATTENTION Task: {59AD864D-F0AE-4F78-AACF-596943A9948F} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-5 No Task File <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73512D35-5A7D-4A07-A61B-33BF551D70B3} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - 
System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7C3ACEED-3541-444E-853D-581F0AF83EE9} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-4 No Task File <==== ATTENTION Task: {82D9D8A4-E3D4-4B2D-A827-ED4A0B681C71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {89E2F9E5-886F-4DFB-BC8D-B97B5B80E9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {92425016-98F9-414D-BAE1-C1740E99F378} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-2 No Task File <==== ATTENTION Task: {98E1640F-5926-4CBE-B6BB-5B53187B8DFD} - \PC Health Advisor No Task File <==== ATTENTION Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A25C4D46-DA8B-4372-9282-76EFB8E07835} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-05-31] (CyberLink) Task: {A8E95D02-FAC6-4ECB-A781-E418FF201BF8} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-1 No Task File <==== ATTENTION Task: {AE6E5732-B74E-427E-A1E3-5E2634A8FE3A} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2012-11-08] () Task: {B0B004F0-DA18-4D56-BE9F-BD26A5F31647} - 
System32\Tasks\HPCeeScheduleForNorbert Haag => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {B306BE8F-77A1-455F-B62A-E58C41628D3A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D8D25A27-707E-4F5A-B274-1E7BC34670FE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DA722C46-0374-4CE8-A4BA-432F4823449E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {DBE3B809-7F0F-44D6-9729-BDE8E9A6D45E} - \ParetoLogic Update Version3 No Task File <==== ATTENTION Task: {DC0BAF41-25A4-45B4-B679-6082674460DD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {DF323EF3-0934-4B81-97E4-DC2279BF9313} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {ECE551D1-BFF8-4352-ABB5-EA80357A1DCD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {FA6CCCF3-B402-4E29-AD4A-4FD423D1A997} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] () Task: {FF6548E0-A167-4EDF-833B-53BB63663808} - \BitGuard No Task File <==== ATTENTION Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\Windows\System32\DlProtectSvc.exe 2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe 2013-03-07 18:22 - 2009-02-16 16:02 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2013-07-26 13:25 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-02-16 13:03 - 2012-07-30 10:28 - 00125504 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_x64.dll 2013-02-16 13:03 - 2012-11-08 08:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe 2013-02-16 13:03 - 2012-11-08 08:39 - 00037440 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe 2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-07-26 12:30 - 2011-10-20 22:22 - 01789440 _____ () C:\Program Files (x86)\Medion AG\NSU\NSU.exe 2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () C:\Program Files 
(x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll 2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll 2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-02-16 13:03 - 2012-07-05 15:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll 2013-02-16 13:03 - 2012-07-30 10:27 - 00116800 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_Win32.dll 2013-07-26 12:30 - 2011-07-01 11:46 - 00806912 _____ () C:\Program Files (x86)\Medion AG\NSU\LIBEAY32.dll 2013-10-21 09:33 - 2013-10-21 09:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll 2013-10-21 09:33 - 2013-10-21 09:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll 2013-10-21 09:33 - 2013-10-21 09:33 - 00337816 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll 2013-05-20 11:24 - 2008-09-18 22:14 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll 2014-06-10 15:31 - 2014-06-10 15:31 - 00043008 _____ () C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifxzpu.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\libcef.dll 2013-02-16 13:03 - 2013-01-28 08:15 - 02920952 _____ () C:\Program Files 
(x86)\Hardcopy\HcDllS.dll 2014-04-27 20:36 - 2014-04-27 20:36 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7b676a821669300b7d99da8e03e8f110\PSIClient.ni.dll 2012-06-29 16:38 - 2013-10-25 17:12 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-11 11:09 - 2014-05-11 11:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\HPRDC.OS:$WIMMOUNTDATA AlternateDataStreams: C:\Users\Norbert Haag\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (06/10/2014 03:50:15 PM) (Source: DCOM) (EventID: 10010) (User: NORBERTHAAG-HP) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (06/10/2014 03:49:45 PM) (Source: DCOM) (EventID: 10010) (User: NORBERTHAAG-HP) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (06/10/2014 03:49:15 PM) (Source: DCOM) (EventID: 10010) (User: NORBERTHAAG-HP) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-08 09:31:55.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:53.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.972 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.910 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-06-06 10:36:52.742 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.631 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.461 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-04 11:11:22.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-03 16:37:20.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8075.59 MB
Available physical RAM: 5955.86 MB
Total Pagefile: 9355.59 MB
Available Pagefile: 7013.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:675.29 GB) (Free:492.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.05 GB) (Free:3.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 4D8DCA1E)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================

I hope that Download Protect and the other malware are now harmless. I would have liked to say thank you with a smiley, but SiteAdvisor warns about the smiley page of trojaner-board.de. So - many thanks in advance for the good help! Ruhrnobi

Somehow my greeting at the end got lost. I wanted to attach a thank-you smiley, but the trojaner-board.de smiley page is rated as critical by SiteAdvisor. Anyway - many thanks for now. Ruhrnobi

Hello schrauber, to be on the safe side I just had another look at my Firefox add-ons. Download Protect is not there. What went wrong? Ruhrnovi

Typo: it is still there |
11.06.2014, 08:47 | #7 |
/// the machine /// TB trainer | Download Protect in Firefox cannot be permanently removed - Windows 8.1

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09]
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.06.2014, 07:01 | #8 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Hello schrauber, here are the requested files: Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01 Ran by Norbert Haag at 2014-06-11 22:45:21 Run:1 Running from C:\Users\Norbert Haag\Downloads\Trojaner Abwehr Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-04-24] (StdLib) C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys ***************** C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi => Moved successfully. {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Unable to stop service {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service deleted successfully. C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=5f868867ec1d86449847c13114498722 # engine=18684 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-12 10:23:19 # local_time=2014-06-13 12:23:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 32638 6995320 0 0 # scanned=317293 # found=10 # cleaned=0 # scan_time=29325 sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir" sh=F6FB123B9F3604629D0CFA93BB8D45DF3DB5E511 ft=1 fh=bae64ff57b12b8e1 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir" sh=8E9985E14F4C259A48F2730C31816FE01FB3F865 ft=1 fh=4002b95c2b374955 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir" sh=6520D348A6F1EA16BBECE520507946C57065A8FD ft=1 fh=2af50e6cee369def vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir" sh=57F06A8C7A86599F43AFFF3080D4DA9ADC2FAD73 ft=1 fh=27f83682369f38da vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir" sh=133303BCE1ECF349510B3998FA793BB4C0C16622 ft=1 fh=a7489edf367e6313 vn="Win32/Toolbar.Montiera.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe.vir" sh=30971B5BE14BBEF177CF34714DD35A0174449A15 ft=1 fh=ff621fdc0f8fcec5 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Norbert Haag\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Norbert Haag\AppData\Roaming\OpenCandy\5716AAF5CA3F4829908D9230FC0FB32E\SearchGolTB.exe.vir" sh=8CE29B8AB884C4365F82A7A8AFB62B296781C051 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten\y4zes6z8.default\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com\extensionData\plugins\91.js" Code:
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST follows in a separate reply. It is fun working with you. Great team, many thanks. Ruhrnobi |
13.06.2014, 07:03 | #9 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Here are the FRST logs as well: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01 Ran by Norbert Haag (administrator) on NORBERTHAAG-HP on 13-06-2014 07:58:53 Running from C:\Users\Norbert Haag\Downloads\Trojaner Abwehr Platform: Windows 8.1 Pro with Media Center (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\Nlsdl64.exe () C:\Windows\System32\DlProtectSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE () C:\Program Files (x86)\Medion AG\NSU\NSU.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE () C:\Program Files (x86)\comdirect BörsenTicker\comdirect BörsenTicker.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [EPSON Stylus DX4200] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIAEE.EXE [98304 2005-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-31] (IDT, Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-20] (Synaptics Incorporated) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) 
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2013-06-01] (Intel Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-28] (Memeo Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2013-11-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Version Cue CS2] => C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) 
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [NSU] => C:\Program Files (x86)\Medion AG\NSU\NSU.exe [1789440 2011-10-20] () HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [RESTART_STICKY_NOTES] => 
C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.4.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung) Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Norbert Haag\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{BE274E68-3CF3-453A-8286-C08508EE8238}] - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 DivXDodecVersionChecker; C:\WINDOWS\system32\Nlsdl64.exe [120832 2014-05-14] () [File not signed]
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [124928 2014-05-14] () [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2013-06-01] (Intel Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-25] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-05] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-11-26] (Sony Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-05-31] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-05] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-05] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-12 15:24 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-12 15:22 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-12 15:22 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-12 15:22 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-10 18:51 - 2014-06-13 07:58 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\Trojaner Abwehr
2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-10 14:57 - 2014-06-10 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 14:57 - 2014-06-10 14:57 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-10 14:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-10 14:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-10 14:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-09 15:20 - 2014-06-13 07:59 - 00000000 ____D () C:\FRST
2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable
2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json
2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 16:48 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-06-02 16:48 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-06-02 16:48 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-06-02 16:48 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-06-02 16:47 - 2014-06-02 16:48 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-05-26 21:56 - 2014-05-26 21:57 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe
2014-05-26 19:09 - 2014-06-10 15:29 - 00000000 ____D () C:\AdwCleaner
2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk
2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files\iTunes
2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod
2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-26 12:20 - 2014-05-26 12:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip
2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk
2014-05-20 08:41 - 2014-06-11 22:47 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-17 16:41 - 2014-05-17 16:51 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso
2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten
2014-05-14 21:21 - 2014-05-31 07:13 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-14 21:21 - 2014-05-31 07:13 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:40 - 2014-05-17 16:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini
2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk
2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg
2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe
2014-05-14 08:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 08:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 08:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 08:02 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 08:02 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 08:02 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 08:02 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 08:02 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 08:02 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 08:02 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 08:02 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 08:02 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 08:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 08:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 08:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:01 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 08:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 08:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 08:01 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 08:01 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 08:01 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 08:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 08:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 08:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 08:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 08:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 08:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 08:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 08:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 08:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 07:59 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 07:59 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-13 07:59 - 2014-06-09 15:20 - 00000000 ____D () C:\FRST
2014-06-13 07:59 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Temp
2014-06-13 07:58 - 2014-06-10 18:51 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\Trojaner Abwehr
2014-06-13 07:57 - 2013-02-05 23:02 - 00000000 ____D () C:\Users\Norbert Haag\Documents\Outlook-Dateien
2014-06-13 07:49 - 2013-10-10 22:18 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 07:49 - 2012-11-29 18:23 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Skype
2014-06-13 07:45 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-13 07:35 - 2013-11-05 13:17 - 01064119 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-13 07:28 - 2013-01-05 16:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-13 07:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-13 06:23 - 2012-12-09 13:29 - 00000390 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job
2014-06-12 16:41 - 2013-09-30 06:14 - 02076070 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-12 16:41 - 2013-09-30 05:58 - 00882614 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-12 16:41 - 2013-09-30 05:58 - 00202666 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-12 16:40 - 2013-10-05 23:23 - 00007168 _____ () C:\Users\Norbert Haag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-12 15:36 - 2013-01-30 20:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 15:36 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-12 15:35 - 2013-07-13 21:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 15:33 - 2012-12-02 13:50 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-12 15:22 - 2012-11-29 12:52 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C158A91F-5486-490B-9002-3EA32ED42ED0}
2014-06-12 15:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-06-11 23:04 - 2012-12-30 17:22 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2157886841-597143831-284766362-1002
2014-06-11 22:48 - 2014-05-03 09:07 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\DropboxMaster
2014-06-11 22:48 - 2013-12-18 11:28 - 00000000 __RDO () C:\Users\Norbert Haag\SkyDrive
2014-06-11 22:48 - 2013-03-01 16:54 - 00000000 ___RD () C:\Users\Norbert Haag\Dropbox
2014-06-11 22:48 - 2013-03-01 16:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Dropbox
2014-06-11 22:48 - 2012-12-09 15:58 - 00000000 ____D () C:\Users\Norbert Haag\NSU
2014-06-11 22:47 - 2014-05-20 08:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-11 22:47 - 2013-10-10 22:18 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 22:47 - 2012-04-16 05:16 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-11 22:46 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-11 22:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-11 22:45 - 2009-07-14 05:20 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-06-11 22:37 - 2013-02-07 14:00 - 00000000 ____D () C:\Users\Norbert Haag\Documents\WISO Mein Geld
2014-06-11 11:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-10 15:35 - 2014-06-10 15:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-10 15:30 - 2013-09-29 21:05 - 00022192 _____ () C:\WINDOWS\PFRO.log
2014-06-10 15:29 - 2014-05-26 19:09 - 00000000 ____D () C:\AdwCleaner
2014-06-10 15:21 - 2014-06-10 14:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 14:57 - 2014-06-10 14:57 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-09 15:55 - 2013-02-07 12:39 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Persönlich
2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable
2014-06-09 15:18 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag
2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json
2014-06-07 17:47 - 2014-02-27 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 17:47 - 2012-06-29 17:06 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 17:44 - 2013-02-02 16:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-07 17:13 - 2014-05-13 19:47 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx
2014-06-06 15:44 - 2013-08-22 16:46 - 00331948 _____ () C:\WINDOWS\setupact.log
2014-06-06 12:23 - 2012-12-09 13:29 - 00003218 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForNorbert Haag
2014-06-06 12:23 - 2012-11-29 18:32 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-06-06 12:22 - 2013-02-15 13:50 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-03 19:37 - 2013-10-09 13:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\vlc
2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 16:48 - 2014-06-02 16:47 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-02 16:48 - 2014-01-08 11:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 16:48 - 2013-10-16 22:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 07:13 - 2014-05-14 21:21 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:13 - 2014-05-14 21:21 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 13:43 - 2014-02-05 12:24 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Transfer auf NAS
2014-05-30 13:43 - 2013-07-05 17:37 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Programme
2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-30 07:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-30 07:37 - 2013-04-11 13:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-29 17:55 - 2013-04-05 12:23 - 00000000 ____D () C:\ProgramData\AAV
2014-05-29 13:49 - 2012-11-29 12:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\PDFC
2014-05-29 12:34 - 2013-05-22 12:48 - 00000718 _____ () C:\Users\Norbert Haag\Documents\OuProxy.log
2014-05-29 09:02 - 2014-04-29 11:23 - 00002221 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-26 22:16 - 2014-05-13 18:48 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss
2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net
2014-05-26 21:57 - 2014-05-26 21:56 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe
2014-05-26 16:58 - 2013-08-22 16:44 - 00470984 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk
2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
2014-05-26 14:13 - 2013-03-16 17:12 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Sony Corporation
2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iTunes
2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod
2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-26 12:21 - 2014-05-26 12:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-26 12:21 - 2013-05-21 12:48 - 00000000 ____D () C:\ProgramData\Apple
2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip
2014-05-24 22:49 - 2013-03-01 16:52 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 22:49 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk
2014-05-19 08:31 - 2014-06-12 15:22 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-19 08:21 - 2014-06-12 15:22 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-19 07:23 - 2014-06-12 15:22 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-18 18:59 - 2013-04-27 11:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 16:51 - 2014-05-17 16:41 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso
2014-05-17 16:40 - 2014-05-14 11:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini
2014-05-17 16:16 - 2014-04-11 19:08 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\2014 Renovierung
2014-05-16 06:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten
2014-05-14 21:26 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD ()
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe Some content of TEMP: ==================== C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvspzev.dll C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\Quarantine.exe C:\Users\Norbert Haag\AppData\Local\Temp\sp64126.exe C:\Users\Norbert Haag\AppData\Local\Temp\tmp57AC.exe C:\Users\Norbert Haag\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Norbert Haag\AppData\Local\Temp\unrar.dll C:\Users\Norbert Haag\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is 
digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-07 05:02 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by Norbert Haag at 2014-06-13 07:59:49
Running from C:\Users\Norbert Haag\Downloads\Trojaner Abwehr
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version: - Fabio Martin)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{45324571-83B7-307A-6114-DAE65A50DC8E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70329.2315 - Advanced Micro Devices, Inc.) Hidden
AmoK Exif Sorter 2.5.6 (nur deinstallieren) (HKLM-x32\...\AmoKExifSorter2) (Version: - )
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.38 - ArcSoft)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Benutzerhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Useg) (Version: - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
comdirect BörsenTicker (HKLM-x32\...\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1) (Version: 1.0.2 - comdirect Bank AG)
comdirect BörsenTicker (x32 Version: 1.0.2 - comdirect Bank AG) Hidden
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4131_47226 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (x32 Version: 6.7.4131_47226 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.3207 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.3625 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3625 - Ihr Firmenname) Hidden
CyberLink PowerDirector Express (HKLM-x32\...\InstallShield_{EDE721EC-870A-11D8-9D75-000129760D75}) (Version: 6.5.4515 - CyberLink Corp.)
CyberLink PowerDirector Express (x32 Version: 6.5.4515 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2415 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2415 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version: - Download Protect)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON BX630FW Series Printer Uninstall (HKLM\...\EPSON BX630FW Series) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
FUJIFILM MyFinePix Studio 4.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - )
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2013.02.01 - www.hardcopy.de)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPISDataManager (HKLM-x32\...\{A682ACFC-C295-44F9-B745-6656B3272E7D}) (Version: 1.0.0.27 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
ImageMixer 3 SE Ver.4 Transfer Utility (HKLM-x32\...\{CAE4E520-4695-4A96-8661-B62FA5FB669E}) (Version: 3.03.005 - PIXELA)
ImageMixer 3 SE Ver.4 Video Tools (HKLM-x32\...\{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}) (Version: 3.03.009 - PIXELA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.6.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
ISO Workshop 5.3 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.3 - MAGIX AG)
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Fotos auf CD & DVD 8 deluxe 8.0.0.14 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 8 deluxe D) (Version: 8.0.0.14 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.25.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Music Transfer Utility Ver.1 (HKLM-x32\...\{9E520B22-546E-4AD3-8958-7D1EB8587AB1}) (Version: 1.00.005 - PIXELA)
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
Netzwerkhandbuch EPSON BX630FW Series (HKLM-x32\...\EPSON BX630FW Series Netg) (Version: - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc)
Picture Collage Maker 3.3.7 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) (Version: 3.3.7 - PearlMountain Technology Co., Ltd)
PowerDirector (Version: 11.0 - Ihr Firmenname) Hidden
Protegere (HKLM-x32\...\Protegere) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Reader for PC (HKLM-x32\...\{8A3072C3-8EA3-4CDE-B342-88E67FAB06E5}) (Version: 2.3.00.03130 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.10.89 - Akademische Arbeitsgemeinschaft)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 4.0 (HKLM-x32\...\TraXEx_is1) (Version: 4.0.4.0 - Alexander Miehlke Softwareentwicklung)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. ) WISO Mein Geld 2014 Standard (HKLM-x32\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden ==================== Restore Points ========================= 26-05-2014 12:11:38 Installed Reader for PC. 
02-06-2014 14:47:06 Installed Java 7 Update 60
11-06-2014 09:40:04 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10D61BE7-FEA1-4A2A-858F-EE23CE3312D7} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-3 No Task File <==== ATTENTION
Task: {1BA1AC96-1139-4FC4-90DE-72FE170A6755} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {1E83152F-F069-483D-94CA-94B2935518B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28163569-7842-4623-9AD8-90C46A89C148} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {29485FA1-1B63-4ABD-9D3B-6F63303F462E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49B092D1-E41C-4E9E-A6C1-A4B9A45500DA} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4A059E0A-03D4-4FBB-A424-D517B85E2C50} - \EPUpdater No Task File <==== ATTENTION
Task: {4AEBBE0E-0E14-4F56-A2AC-E095CC95200E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {50BC8A03-52B8-4B5C-BE0E-A87D51D1D1C6} - \PC Health Advisor Defrag No Task File <==== ATTENTION
Task: {538A3468-11D3-4D4B-8C5C-87353C6FE929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {58DAEEE9-BE54-4D80-84CD-F0DAC81E81F6} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {59AD864D-F0AE-4F78-AACF-596943A9948F} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-5 No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73512D35-5A7D-4A07-A61B-33BF551D70B3} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C3ACEED-3541-444E-853D-581F0AF83EE9} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-4 No Task File <==== ATTENTION
Task: {82D9D8A4-E3D4-4B2D-A827-ED4A0B681C71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {89E2F9E5-886F-4DFB-BC8D-B97B5B80E9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {92425016-98F9-414D-BAE1-C1740E99F378} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-2 No Task File <==== ATTENTION
Task: {98E1640F-5926-4CBE-B6BB-5B53187B8DFD} - \PC Health Advisor No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A25C4D46-DA8B-4372-9282-76EFB8E07835} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-05-31] (CyberLink)
Task: {A8E95D02-FAC6-4ECB-A781-E418FF201BF8} - \02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-1 No Task File <==== ATTENTION
Task: {AE6E5732-B74E-427E-A1E3-5E2634A8FE3A} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2012-11-08] ()
Task: {B0B004F0-DA18-4D56-BE9F-BD26A5F31647} - System32\Tasks\HPCeeScheduleForNorbert Haag => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B306BE8F-77A1-455F-B62A-E58C41628D3A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D8D25A27-707E-4F5A-B274-1E7BC34670FE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA722C46-0374-4CE8-A4BA-432F4823449E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {DBE3B809-7F0F-44D6-9729-BDE8E9A6D45E} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {DC0BAF41-25A4-45B4-B679-6082674460DD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {DF323EF3-0934-4B81-97E4-DC2279BF9313} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECE551D1-BFF8-4352-ABB5-EA80357A1DCD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {FA6CCCF3-B402-4E29-AD4A-4FD423D1A997} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: {FF6548E0-A167-4EDF-833B-53BB63663808} - \BitGuard No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe
2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\Windows\System32\DlProtectSvc.exe
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-03-07 18:22 - 2009-02-16 16:02 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-07-26 13:25 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-02-16 13:03 - 2012-07-30 10:28 - 00125504 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_x64.dll
2013-02-16 13:03 - 2012-11-08 08:39 - 00037440 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2013-02-16 13:03 - 2012-11-08 08:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 12:30 - 2011-10-20 22:22 - 01789440 _____ () C:\Program Files (x86)\Medion AG\NSU\NSU.exe
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-02-06 20:19 - 2013-02-06 20:19 - 00142336 _____ () C:\Program Files (x86)\comdirect BörsenTicker\comdirect BörsenTicker.exe
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-16 13:03 - 2012-07-05 15:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2013-02-16 13:03 - 2012-07-30 10:27 - 00116800 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_Win32.dll
2013-07-26 12:30 - 2011-07-01 11:46 - 00806912 _____ () C:\Program Files (x86)\Medion AG\NSU\LIBEAY32.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-10-21 09:33 - 2013-10-21 09:33 - 00337816 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-05-20 11:24 - 2008-09-18 22:14 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
2014-06-11 22:48 - 2014-06-11 22:48 - 00043008 _____ () C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvspzev.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-16 13:03 - 2013-01-28 08:15 - 02920952 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2014-05-11 11:09 - 2014-05-11 11:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-27 20:36 - 2014-04-27 20:36 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7b676a821669300b7d99da8e03e8f110\PSIClient.ni.dll
2012-06-29 16:38 - 2013-10-25 17:12 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\HPRDC.OS:$WIMMOUNTDATA
AlternateDataStreams: C:\Users\Norbert Haag\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\StartupFolder: => "TraXEx 4.0.lnk"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Memeo Instant Backup"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "Reader Application Helper"
HKCU\...\StartupApproved\Run: => "Power2GoExpress8"
HKCU\...\StartupApproved\Run: => "MyTomTomSA.exe"
HKCU\...\StartupApproved\Run: => "Sony PC Companion"
HKCU\...\StartupApproved\Run: => "ABBYY Screenshot Reader Bonus"

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 07:42:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/13/2014 05:28:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20714688

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20714688

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2014 04:09:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/12/2014 04:09:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/12/2014 04:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/12/2014 04:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/12/2014 04:09:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (06/12/2014 05:12:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/12/2014 04:01:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/12/2014 09:09:58 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/11/2014 11:04:23 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/11/2014 10:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update raving reyven" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/11/2014 01:30:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/11/2014 00:01:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/10/2014 10:42:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/10/2014 10:35:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update raving reyven" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/10/2014 10:32:46 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Microsoft Office Sessions:
=========================
Error: (06/13/2014 07:42:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/13/2014 05:28:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20714688

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20714688

Error: (06/12/2014 10:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2014 04:09:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Norbert Haag\Downloads\Trojaner Abwehr\esetsmartinstaller_deu.exe

Error: (06/12/2014 04:09:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Norbert Haag\Downloads\Trojaner Abwehr\esetsmartinstaller_deu.exe

Error: (06/12/2014 04:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Norbert Haag\Downloads\Trojaner Abwehr\esetsmartinstaller_deu.exe

Error: (06/12/2014 04:09:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Norbert Haag\Downloads\Trojaner Abwehr\esetsmartinstaller_deu.exe

Error: (06/12/2014 04:09:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Norbert Haag\Downloads\Trojaner Abwehr\esetsmartinstaller_deu.exe

CodeIntegrity Errors:
===================================
Date: 2014-06-12 08:54:06.368
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-06-08 09:31:55.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:53.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.972 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.910 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.742 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.631 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-06-06 10:36:52.461 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-06 10:36:52.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-04 11:11:22.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 8075.59 MB Available physical RAM: 5039.76 MB Total Pagefile: 9355.59 MB Available Pagefile: 6142.79 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:675.29 GB) (Free:492.32 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.05 GB) (Free:3.24 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 4D8DCA1E) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=675 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21 GB) - (Type=07 
NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================ |
13.06.2014, 21:18 | #10 |
/// the machine /// TB Trainer | Download Protect in Firefox cannot be permanently removed - Windows 8.1 Update Java. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.06.2014, 16:46 | #11 |
| Download Protect in Firefox cannot be permanently removed - Windows 8.1 Hello schrauber, everything is done. I have just one more question, about Secunia Online Software: the recommendation points to a link from 2010. Under Windows 8 the software does not seem to run, or not to run properly. Are there alternatives? Many thanks again, Ruhrnobi |
16.06.2014, 09:26 | #12 |
/// the machine /// TB Trainer | Download Protect in Firefox cannot be permanently removed - Windows 8.1 Try the FileHippo Update Checker
__________________ Regards, schrauber |