Pests of all kinds and how to fight them: also a marked drop in performance (Windows 7). If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
05.10.2014, 11:20 | #1 |
also a marked drop in performance

Dear Trojaner-Board team,

I have similar problems to Munich089. But since every PC is different, I am asking for help with mine as well. Here is the description:

- slow startup and shutdown
- slow opening of windows, files and programs
- slow browser

Kaspersky Internet Security can no longer be updated, no connection to the server.

The hard disk LED shows that the disk is working constantly, even when I am not doing anything on the PC. The hard disk check was unremarkable, and defogger reported no errors.

So I am somewhat at a loss. It seems to me as if something is running in the background that significantly reduces performance.

Many thanks in advance for your help!

Waldschratt5

Here is the result from FRST:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01 Ran by Waldmann (administrator) on WALDMANN-PC on 05-10-2014 11:48:35 Running from C:\Users\Waldmann\Desktop\Downloads Loaded Profiles: Waldmann & (Available profiles: Waldmann & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Windows\System32\WTMKM.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (Improv Electronics) C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Petzl) C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Christian Löbering - PC-WELT) C:\Users\Waldmann\AppData\Roaming\PC-WEL~1\PCWPER~1.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe () C:\Program Files\ProgDVB\ProgDvbService.exe () C:\Windows\SysWOW64\PSIService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) 
C:\Windows\System32\FXSSVC.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe () C:\Users\Waldmann\Desktop\Downloads\Defogger.exe (Farbar) C:\Users\Waldmann\Desktop\Downloads\FRST64(1).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [10893312 2012-01-03] () HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [106344 2011-05-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2014-03-03] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) 
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [] => [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568 2014-09-28] (Mozilla Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\MountPoints2: D - D:\AutoRun\AutoRun.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\MountPoints2: 
{7d1c8674-c94d-11e2-8f65-001d7d01386f} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568 2014-09-28] (Mozilla Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => 
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: D - D:\AutoRun\AutoRun.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7d1c8674-c94d-11e2-8f65-001d7d01386f} - K:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2015 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2015 Zahlungserinnerung.lnk -> C:\Windows\Installer\{44A9A647-0BBA-4776-8B61-1092EDFEA0C2}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia 
PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcwPerfectSearch.LNK ShortcutTarget: pcwPerfectSearch.LNK -> C:\Users\Waldmann\AppData\Roaming\PC-WELT-PerfectSearch\pcwPerfectSearch.exe (Christian Löbering - PC-WELT) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC1159ADF4534CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {D762D0F5-A284-4FB8-866B-4D3665FD1CCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.) 
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.) 
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: DNS Error Helper -> {9B6B03F1-16CF-4491-BBBB-E872802DD717} -> No File BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files 
(x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program 
Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-28] FF Extension: ELO Archiv-Transfer - C:\Program Files (x86)\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-28] Chrome: ======= CHR Profile: C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28] CHR Extension: (Google Drive) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28] CHR Extension: (Google-Suche) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28] CHR Extension: (Kaspersky Protection) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-30] CHR Extension: (DNSHelper) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo [2014-02-06] CHR Extension: (Ghostery) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-26] CHR Extension: (Google Wallet) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2014-02-28] CHR Extension: (Google Mail) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [] CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Waldmann\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2014-02-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed] R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.) 
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576512 2012-01-25] (Hauppauge Computer Works) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. 
KG) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-09] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [79360 2011-11-11] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed] R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60864 2012-01-13] () R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-09-24] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [553800 2012-09-24] (PacketVideo) R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [275272 2012-09-24] () R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed] R2 WTService; C:\Windows\system32\atwtusb.exe [582144 2012-01-03] () [File not signed] S4 x; C:\Program Files (x86)\abylonsoft\SAKeySafe\SATCtrlSerX64.exe [551976 2011-09-09] () S2 HPSLPSVC; 
C:\Users\Waldmann\AppData\Local\Temp\7zS1CC4\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.) S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed] S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.) R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.) R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-04-27] (C-Media Inc) R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) S3 hcwAVD2; C:\Windows\System32\drivers\HCWUSB264.sys [197632 2007-07-24] (Conexant Systems, Inc.) R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-28] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp50; C:\Windows\SysWOW64\Drivers\PcaSp50.sys [52800 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. 
(PCAUSA)) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-02-27] (Identive ) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10368 2008-11-13] (SCM Microsystems Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-04] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-08-04] (Acronis International GmbH) R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] () R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.) S0 BTHidEnum; System32\Drivers\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 11:47 - 2014-10-05 11:48 - 00000000 ____D () C:\FRST 2014-10-05 11:44 - 2014-10-05 11:44 - 00000000 _____ () C:\Users\Waldmann\defogger_reenable 2014-10-03 18:37 - 2014-10-03 18:37 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\26057 2014-10-01 08:06 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 08:06 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-28 17:24 - 2014-09-29 08:48 - 00002349 _____ () C:\Users\Waldmann\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-28 13:50 - 2014-09-29 08:35 - 00001215 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-28 13:49 - 2014-09-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-28 13:40 - 2014-09-28 18:07 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-28 13:40 - 2014-09-28 18:07 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-28 13:37 - 2014-09-28 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 13:52 - 2014-09-25 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\354F2ED7.sys 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-09-24 14:44 - 2014-09-24 14:44 - 00000000 ____D () C:\Program Files (x86)\MemoMaster5 2014-09-24 13:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 13:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 20:10 - 2014-09-23 20:10 - 00000000 ____D () 
C:\Users\Waldmann\AppData\Roaming\hdbADS 2014-09-23 18:21 - 2014-09-23 18:21 - 00003194 _____ () C:\Windows\System32\Tasks\{DDFD18B3-A314-4F67-A409-1CBFA38834A3} 2014-09-23 13:02 - 2014-09-23 18:30 - 00000000 ____D () C:\Users\Waldmann\Documents\NetObjects Fusion 2013 2014-09-23 13:01 - 2014-09-23 13:01 - 00001403 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk 2014-09-23 12:45 - 2014-09-23 13:01 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013 2014-09-17 13:42 - 2014-09-17 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\30922D86.sys 2014-09-16 23:00 - 2014-09-16 23:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5725369C.sys 2014-09-15 18:52 - 2014-09-15 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\777239C1.sys 2014-09-15 18:04 - 2014-09-15 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1B1076D8.sys 2014-09-15 16:59 - 2014-09-15 16:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4D5A7B3D.sys 2014-09-15 15:53 - 2014-09-15 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7F0C2A79.sys 2014-09-15 14:35 - 2014-09-21 15:27 - 00000000 ____D () C:\Users\Waldmann\Desktop\Weidendamm 2014-09-14 12:27 - 2014-09-14 12:27 - 00262144 _____ () C:\Windows\system32\config\elam 2014-09-13 20:03 - 2014-09-13 20:03 - 00002898 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-13 18:16 - 2014-09-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-09-13 10:26 - 2014-09-13 10:31 - 06386309 _____ () C:\Windows\SysWOW64\kavremvr 2014-09-13 10-26-49 (pid 8972).log 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KC Softwares 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Program Files (x86)\KC Softwares 2014-09-12 21:15 - 2014-09-16 18:07 - 00000000 ____D () C:\ProgramData\Informer Technologies, Inc 2014-09-12 20:50 - 
2014-09-12 21:14 - 00000000 ____D () C:\Program Files (x86)\Software Informer 2014-09-12 20:22 - 2014-09-12 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-12 20:21 - 2014-09-12 20:21 - 00000000 ____D () C:\Program Files\iPod 2014-09-12 20:18 - 2014-09-12 20:19 - 00001721 _____ () C:\Users\Waldmann\Documents\Neue Datenbank1.odb 2014-09-12 20:16 - 2014-09-12 20:17 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-12 20:01 - 2014-09-12 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-09-11 03:56 - 2014-09-16 22:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-09-11 03:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2014-09-11 03:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:05 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 13:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 13:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\secur32.dll 2014-09-10 13:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 13:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 13:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 14:15 - 2014-09-09 14:15 - 02273432 _____ (DataDesign AG) C:\Windows\SysWOW64\DDBACCPL.CPL 2014-09-09 14:15 - 2014-09-09 14:15 - 01659544 _____ (DataDesign AG) C:\Windows\SysWOW64\ddBACCTM.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 11:48 - 2012-06-10 21:27 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job 2014-10-05 11:48 - 2011-11-16 20:57 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C033427-CB53-4FBD-9F43-42FCC0E9E66B} 2014-10-05 11:46 - 2014-07-09 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-05 11:44 - 2014-07-05 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 11:44 - 2011-10-09 15:59 - 00000000 ____D () C:\Users\Waldmann 2014-10-05 11:42 - 2013-02-16 18:36 - 00000000 ____D () C:\ProgramData\twonkyserver 2014-10-05 11:42 - 2012-04-01 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-05 11:39 - 2014-07-30 17:13 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KeePass 2014-10-05 11:39 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 11:39 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-05 11:38 - 2011-10-09 15:52 - 01427557 _____ () C:\Windows\WindowsUpdate.log 2014-10-05 11:33 - 2013-12-28 12:42 
- 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-05 11:30 - 2014-08-02 12:03 - 00000000 ___RD () C:\Users\Waldmann\Dropbox 2014-10-05 11:30 - 2014-08-02 11:58 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Dropbox 2014-10-05 11:29 - 2009-07-14 04:34 - 00000593 _____ () C:\Windows\win.ini 2014-10-05 11:28 - 2012-12-10 14:30 - 00000000 ___RD () C:\Users\Waldmann\Desktop\FAX 2014-10-05 11:28 - 2012-10-12 17:14 - 00005063 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-10-05 11:28 - 2012-10-12 17:14 - 00000092 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-10-05 11:28 - 2009-09-07 15:42 - 00001001 _____ () C:\Windows\SysWOW64\bscs.ini 2014-10-05 11:27 - 2013-12-25 14:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-10-05 11:25 - 2013-12-28 12:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-05 11:24 - 2014-07-13 14:40 - 00005533 _____ () C:\Windows\setupact.log 2014-10-05 11:24 - 2013-08-22 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-05 11:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-05 10:58 - 2012-06-10 21:27 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job 2014-10-03 19:19 - 2011-11-06 14:11 - 00000000 ____D () C:\Users\Waldmann\Documents\Outlook-Dateien 2014-10-03 19:00 - 2014-01-19 12:29 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\CrashDumps 2014-10-03 18:46 - 2014-07-11 16:21 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 2014-10-03 18:41 - 2014-08-18 10:47 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Skype 2014-10-03 18:40 - 2014-07-11 16:21 - 00001014 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk 2014-10-03 18:40 - 2014-07-11 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2014-10-03 15:15 - 2012-02-06 20:10 - 05051904 ___SH () C:\Users\Waldmann\Desktop\Thumbs.db 2014-10-03 14:57 - 2012-11-24 23:23 - 00000000 ____D () 
C:\Users\Waldmann\AppData\Roaming\vlc 2014-10-03 12:56 - 2013-02-03 15:45 - 00000000 ____D () C:\Users\Waldmann\Desktop\ELO scan 2014-10-03 12:26 - 2011-10-10 20:19 - 00000000 ____D () C:\ProgramData\Lexware 2014-10-02 18:25 - 2011-04-12 09:43 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-10-02 18:25 - 2011-04-12 09:43 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-10-02 18:25 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 08:42 - 2014-07-30 13:01 - 00471932 _____ () C:\Windows\PFRO.log 2014-09-29 08:42 - 2012-05-13 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-09-27 12:02 - 2012-09-16 16:05 - 00000000 ____D () C:\Users\Waldmann\Desktop\Büro 2014-09-27 12:01 - 2011-10-21 18:17 - 00000000 ____D () C:\Users\Waldmann\Documents\MemoMaster 2014-09-27 11:49 - 2012-08-15 11:33 - 00000000 ____D () C:\Users\Waldmann\Desktop\PSVB 2014-09-27 11:45 - 2011-11-01 12:03 - 00000000 ____D () C:\Users\Waldmann\Desktop\Security 2014-09-27 11:25 - 2012-10-09 12:53 - 00003830 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm 2014-09-27 11:23 - 2011-10-21 18:16 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Downloaded Installations 2014-09-25 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-24 14:44 - 2011-10-21 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoMaster 2014-09-24 14:19 - 2011-10-21 18:16 - 00000000 ____D () C:\Program Files (x86)\MemoMaster4 2014-09-24 14:09 - 2011-12-23 15:38 - 00000000 ___RD () C:\Users\Waldmann\Desktop\E-Praxis 2014-09-24 13:02 - 2012-04-01 20:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 13:02 - 2012-04-01 20:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 13:02 - 2011-10-25 18:19 - 
00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 13:40 - 2014-08-02 12:00 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:10 - 2011-10-09 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-23 13:01 - 2011-10-16 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2014-09-23 12:52 - 2011-10-16 12:58 - 00000000 ____D () C:\Program Files (x86)\NetObjects 2014-09-19 12:53 - 2014-06-27 16:29 - 00002759 _____ () C:\Users\Public\Desktop\Quicken 2015.lnk 2014-09-18 12:29 - 2014-08-19 18:48 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Adobe 2014-09-16 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-14 12:43 - 2012-06-24 17:18 - 00000000 ___RD () C:\Users\Waldmann\Desktop\Foto-Video-Bearbeitung 2014-09-13 18:16 - 2014-07-09 17:49 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-13 01:11 - 2009-07-14 06:45 - 00765304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-09-12 21:27 - 2014-01-26 14:35 - 00000000 ____D () C:\Program Files (x86)\Artweaver Free 4 2014-09-12 21:27 - 2012-02-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free 2014-09-12 21:17 - 2012-04-06 12:17 - 00001918 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CDBurnerXP.lnk 2014-09-12 21:17 - 2012-04-06 12:17 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-12 20:59 - 2011-10-12 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-09-12 20:49 - 2011-10-09 16:29 - 00229480 _____ () C:\Users\Waldmann\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-12 20:30 - 2014-01-26 14:14 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-09-12 20:22 - 2013-08-19 10:00 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-12 20:22 - 2012-09-15 12:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-12 20:17 - 2014-02-02 14:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-09-12 19:59 - 2013-01-12 15:31 - 00000000 ____D () C:\Program Files\MySQL 2014-09-12 19:59 - 2012-02-05 22:01 - 00000449 _____ () C:\Windows\ODBCINST.INI 2014-09-12 19:58 - 2013-01-12 15:26 - 00000000 ____D () C:\Program Files (x86)\Realify PaperOffice 2014-09-11 03:22 - 2011-11-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:20 - 2011-11-21 17:51 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:18 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:06 - 2011-10-10 13:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 17:22 - 2011-10-21 17:22 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\apm 2014-09-08 20:07 - 2014-01-28 19:58 - 00000000 ____D () C:\Users\Waldmann\Desktop\Fotoordner 2014-09-08 20:06 - 2011-11-01 11:48 - 00000000 ____D () C:\Users\Waldmann\Desktop\outdoor 2014-09-07 14:18 - 2014-05-13 12:40 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\DocFetcher Files to move or 
delete:
====================
C:\Users\Waldmann\30593-8-CutOut-4-Pro.exe
C:\Users\Waldmann\ATIH2013PP_de-DE.exe
C:\Users\Waldmann\JavaSetup7u25.exe
C:\Users\Waldmann\Lightroom_5_LS11_win_5_2.exe
C:\Users\Waldmann\Setup (1).exe
C:\Users\Waldmann\TuneUpUtilities2014 (1).exe
C:\Users\Waldmann\TuneUpUtilities2014 (2).exe
C:\Users\Waldmann\TuneUpUtilities2014.exe
C:\Users\Waldmann\weprintwin.exe

Some content of TEMP:
====================
C:\Users\Waldmann\AppData\Local\Temp\5x2hic0_.dll
C:\Users\Waldmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0eoul0.dll
C:\Users\Waldmann\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 15:58

==================== End Of Log ============================

Edited by Waldschratt5 (05.10.2014 at 11:26) |
05.10.2014, 12:09 | #2 |
/// the machine /// TB instructor | Also a significant drop in performance
Hi,
Addition.txt is still missing. |
05.10.2014, 13:44 | #3 |
| Also a significant drop in performance
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01 Ran by Waldmann at 2014-10-05 11:50:10 Running from C:\Users\Waldmann\Desktop\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 123 Photo Version 2.0 (HKLM-x32\...\{68F08E04-F190-49B4-B159-3FA7E72A4EC8}_is1) (Version: 2.0 - Harald Wittke) 64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden 7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov) aborange Searcher - Deinstallation (HKLM-x32\...\aborange Searcher_is1) (Version: 3.01 - Mathias Gerlach [aborange.de]) abylon KEYSAFE 9.30.5 (HKLM-x32\...\abylonprotectionmanagersafe_is1) (Version: 9.30.5 - abylonsoft) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe 
Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - ) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software) Artweaver Free 4 (HKLM-x32\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software) Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG) ASUS RT-AC66U Wireless Router Utilities (HKLM-x32\...\{266E41AB-D928-4AF2-A8E4-B24E31F5758C}) (Version: 4.2.6.0 - ASUS) ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{4E594F8A-B042-B61D-DADC-08822B630781}) (Version: 3.0.795.0 - ATI Technologies, Inc.) 
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery) Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) Buchliebhaber 8.3.0 (HKLM-x32\...\Buchliebhaber_is1) (Version: - Matthies & Klock GmbH) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CardMinder V3.2 (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V3.2L10 - PFU) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0930.2237.38732 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0930.2237.38732 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help English (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help French (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help German (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0930.2237.38732 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) C-Media PCI Audio Device 
(HKLM\...\C-Media PCI Audio Driver) (Version: - ) Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation) CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World) Cut Out pro 4.0 (HKLM\...\Cut Out pro 4_is1) (Version: - Franzis.de) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.) CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703 - CyberLink Corp.) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3620 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3620 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.4715 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.) CyberLink PowerProducer (x32 Version: 5.0.2.2820 - CyberLink Corp.) Hidden Das Alte Ägypten (HKLM-x32\...\InstallShield_{B9A9DCF2-6F0C-45F5-9E62-8BEDF9A8915F}) (Version: 1.00.0000 - NATIONAL GEOGRAPHIC) Das Alte Ägypten (x32 Version: 1.00.0000 - NATIONAL GEOGRAPHIC) Hidden DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DocFetcher (HKLM-x32\...\DocFetcher) (Version: 1.1.11 - ) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) 
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) DVDFab 8.1.3.6 (01/12/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) EC Software TNT Screen Capture 2.1 (HKLM-x32\...\TNT Screen Capture_is1) (Version: - EC Software) ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 6.0 - ELO Digital Office GmbH) ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH) EMDB 1.89 (HKLM-x32\...\EMDB_is1) (Version: - Wicked & Wild Inc.) Epson Benutzerhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Useg) (Version: - ) EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - ) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson Netzwerkhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Netg) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVEREST Ultimate Edition v4.60 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.60 - Lavalys, Inc.) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.017) - Open Text Corporation.) FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 9.0 (build 9.022) - FirstClass Division, Open Text Corporation.) 
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.1.514 - DVDVideoSoft Ltd.) Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden Google Chrome (HKCU\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.8.11 - Hamster Soft) Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft) Hard Disk Low Level Format Tool 4.25 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU) Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30034 (CD 2.5) - Hauppauge Computer Works) HDD-Booster v1.2 (HKLM-x32\...\HDD-Booster_is1) (Version: - ASCOMP Software GmbH) HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden ImageDupeless (HKLM-x32\...\ImageDupeless) (Version: - ) iMove ActiveX Control (HKLM-x32\...\iMove ActiveX Control) (Version: - ) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 3.11.1.244 - KC Softwares) KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation) Lexware Info Service (x32 Version: 4.02.00.0081 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 3.02.00.0016 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 21.01.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Quicken 2015 (HKLM-x32\...\{f288bb70-6f00-49e5-afb1-032fd70c067e}) (Version: 22.31.0.118 - Haufe-Lexware GmbH & Co.KG) Light Image Resizer 4.6.1.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.1.0 - ObviousIdea) LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe) Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) 
LookInMyPC (HKLM-x32\...\LookInMyPC) (Version: - ) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Macro Key Manager (HKLM\...\RmTablet) (Version: 4.14 - ) MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17981 - MAGIX AG) MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17981 - MAGIX AG) Hidden MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.1.250 - MAGIX AG) MAGIX Foto Manager MX Deluxe (Version: 9.0.1.246 - MAGIX AG) Hidden MAGIX Foto Manager MX Deluxe Update (Version: 9.0.2.256 - MAGIX AG) Hidden MAGIX Goya burnR (MSI) (HKLM-x32\...\{CFEA8991-9D3B-4652-BDCC-ADDD76AA8965}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Music Maker MX (HKLM-x32\...\MAGIX_MSI_mm18) (Version: 18.0.1.11 - MAGIX AG) MAGIX Music Maker MX (x32 Version: 18.0.1.11 - MAGIX AG) Hidden MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA4782C0-4124-4FA1-B15C-15333744444E}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG) MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{A93134FC-5812-4B37-BC58-7E9FF2FDF72F}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX USB-Videowandler 2 
(HKLM-x32\...\{38874054-65D0-45D0-9486-FBEFD42A2251}) (Version: 1.03.0000 - Ihr Firmenname) MAGIX Video deluxe MX (HKLM-x32\...\MAGIX_MSI_Videodeluxe18) (Version: 11.0.3.0 - MAGIX AG) MAGIX Video deluxe MX (x32 Version: 11.0.3.0 - MAGIX AG) Hidden MAGIX Video easy Retten Sie Ihre Videokassetten 6 (HKLM-x32\...\MAGIX_{4F394EC0-28F2-44D1-BAB9-42C65CA2371E}) (Version: 4.0.0.82 - MAGIX AG) MAGIX Video easy Retten Sie Ihre Videokassetten 6 (Version: 4.0.0.82 - MAGIX AG) Hidden MAGIX Web Designer 7 (HKLM-x32\...\MAGIX_MSI_Web_Designer_7) (Version: 7.1.2.17916 - MAGIX AG) MAGIX Web Designer 7 (x32 Version: 7.1.2.17916 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MemoMaster 4 (HKLM-x32\...\{5CF1F472-846B-44E8-9750-A2112DA32CB6}) (Version: 4 - JBSoftware) MemoMaster 5 (HKLM-x32\...\{5FE975B7-E584-41CE-BA5E-77817F5310F1}) (Version: 5.5.0.17 - JBSoftware) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 
14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50701 - Microsoft Corporation) Hidden Microsoft Visual Studio 
2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50701 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla) Mozilla Thunderbird 31.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla) MP4 To MP3 Converter V3.0 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net) MSI Afterburner 2.3.0 (HKLM-x32\...\Afterburner) (Version: 2.3.0 - MSI Co., LTD) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 
3.3.0.1342 - TomTom) MyMicroBalance (HKLM-x32\...\{CAF30EE3-A2E2-47BE-A37B-96524BCB3EF5}) (Version: 2.5.5 - startzentrum GmbH & Co KG) NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.8 - Ihr Firmenname) NETGEAR Powerline Utility (x32 Version: 2.0.0.8 - Ihr Firmenname) Hidden NetObjects Fusion 11.0 (HKLM-x32\...\{AD5EDC6E-342F-45BC-A131-F1BDFF8FAC96}) (Version: 11 German - ) NetObjects Fusion 12.0 (HKLM-x32\...\{D3418F72-9E80-4DFE-A360-E1ADA1439062}) (Version: 12 German - NetObjects) NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden NetObjects Fusion 2013 (HKLM-x32\...\{5A70C95E-15FD-4CF8-8727-D2D4ACE1476A}) (Version: 13.0 - NetObjects) NetObjects Fusion 2013 (x32 Version: 13.00.0000.5529 - NetObjects) Hidden NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA 
Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) OSByPetzl (HKLM-x32\...\OSByPetzl) (Version: 3.0.180 - Petzl distribution) OSByPetzl (x32 Version: 3.0.180 - Petzl distribution) Hidden PaperOffice 2011 DIMS (HKLM-x32\...\PaperOffice) (Version: 2011 DIMS - Realify) PaperOffice 2011 DIMS Version 4 (HKLM-x32\...\{9FCAD2AF-D93B-4AB0-8E34-A1BE867DD85E}_is1) (Version: 4 - Realify) PaperOffice Core (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice Excel2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice Outlook2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice ScanConnect (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice ScreenCapture (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice VirtualPrinter (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice Word2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden PaperOffice.OutlookSearch.Setupx64 (Version: 1.0.0 - Default Company Name) Hidden Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Pazera Jacek) PC-WELT-PerfectSearch 1.1 (HKLM-x32\...\{0FC5CA8B-F308-49D0-B584-815C7AED0A60}_is1) (Version: - IDG Magazine Media GmbH) PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation) PowerDirector (x32 Version: 7.00.0000 - CyberLink Corp.) Hidden ProgDVB (HKLM\...\ProgDVB) (Version: 6.8x - Prog) QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.3.0523 - QNAP Systems, Inc.) 
QNAP NetBak Replicator (HKLM-x32\...\QNAP_NASNetBak) (Version: - ) Quicken 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG) Quicken 2015 (x32 Version: 22.35.00.0131 - Haufe-Lexware GmbH & Co.KG) Hidden Quicken Import Export Server 2015 (x32 Version: 22.31.00.0069 - Haufe-Lexware GmbH & Co.KG) Hidden Quicken Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realify PaperOffice (HKLM-x32\...\Realify PaperOffice) (Version: 5230 - Realify Systems, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.16.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.16.0 - Renesas Electronics Corporation) Hidden Reveal 1.2 (HKLM-x32\...\Reveal_1.2) (Version: - ) Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.1.26 - SSW Software GmbH) Saal Design Software (x32 Version: 3.1.26 - SSW Software GmbH) Hidden Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) 
Hidden ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.2L14 - PFU) ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V3.2L15 - PFU) ScanSnap Organizer (x32 Version: 3.2.13.1 - PFU LIMITED) Hidden SeaMonkey 2.25 (x86 de) (HKLM-x32\...\SeaMonkey 2.25 (x86 de)) (Version: 2.25 - Mozilla) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden SilverFast 8.0.1r13 (32bit) (HKLM-x32\...\SilverFast 8 x86) (Version: 8.0.1r13 - LaserSoft Imaging AG) SilverFast AFL-SE 6.6.2r5 (HKLM-x32\...\SilverFast AFL-SE) (Version: - LaserSoft Imaging AG) SIW version 2011.09.16 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.09.16 - Topala Software Solutions) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) SmartScore X Songbook Edition (HKLM-x32\...\{1A27ACEF-BC98-44BE-BB8D-8199AF2BC62D}) (Version: 10.1.1 - Musitek) Sophos Free Encryption 2.40.0 (HKLM-x32\...\{91D5756A-86DD-4E92-9F38-33743A081060}) (Version: 2.40.0.9 - Sophos) SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.) 
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TopMapsViewer Bayern (HKLM-x32\...\{FB1DF9D2-63C5-40E8-A536-32FB84CA9E4D}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
TreeSize Free V3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.1 - JAM Software)
True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{1547FF3D-F82F-46AE-819B-78C7BB3D53EC}) (Version: 16.0.6514 - Acronis)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Twonky Windows Components (HKLM-x32\...\{7CC673E7-5271-409D-B196-BB76DA60300B}) (Version: 3.0.4 - PacketVideo)
TwonkyManager (HKLM-x32\...\TwonkyManager) (Version: 3.0.4 (58) - PacketVideo)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.21.50 - Conexant)
USB Driver for Panasonic DVC (with Web Camera) (HKLM-x32\...\{82AF8AF6-6D0B-4EE6-B11F-CF9877877F69}) (Version: - )
Virtual Desktop Companion (HKLM-x32\...\{DC2A8156-36B5-4C3E-BB75-0A0AA03DD9A5}) (Version: 2.0.1 - Improv Electronics)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
XMedia Recode Version 3.1.9.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.4 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

16-09-2014 16:05:31 DDBAC wird installiert
16-09-2014 16:10:57 Windows Update
23-09-2014 10:20:25 Windows-Sicherung
23-09-2014 10:31:31 Windows Update
23-09-2014 16:21:48 Phase 5 HTML-Editor wird installiert
23-09-2014 18:11:21 Phase 5 HTML-Editor wird entfernt
24-09-2014 12:21:17 Windows Update
24-09-2014 12:39:52 Installed MemoMaster 5.
29-09-2014 06:22:39 Windows-Sicherung
30-09-2014 11:41:04 Windows Update
01-10-2014 19:16:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00EAEF0A-931A-4E58-A973-458C0025E683} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-09] (IObit)
Task: {01164AAA-6ECB-422C-A0AD-88AC73A48B8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {09A0EEF1-7C32-462C-8D08-F45B7C181ECB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {0E26FAB2-1E99-429E-B4ED-BA2B80F640E3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {0F0B2E92-F1E7-4791-9926-F5CE7790BA71} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {25EF93DA-CA4C-4F1D-990E-626628BC97A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {265952ED-66D1-4823-837B-D749564983FF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {29F0AA25-DCD8-4196-8CD1-856DEA232B56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {38212132-F3AA-490C-9BF1-0B055387B6C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {42A56287-0F3C-4AC5-A8C2-EBC16FE92C6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {4FA825F7-49EA-4201-B36A-1767F1D4D621} - System32\Tasks\{A3193B0B-0602-42A1-84CA-03F5DB9C1415} => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2010-11-15] (CyberLink Corp.)
Task: {50FC5AAF-195E-4221-B797-939FB46008A5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {524F99FC-1B4C-459E-9490-FFEC5EB8C2C5} - System32\Tasks\{C90F6733-B774-4D7C-8B7B-9AF565160B53} => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2010-11-15] (CyberLink Corp.)
Task: {59CB6B13-BDDF-48E9-8BE9-4C41C656ABE3} - System32\Tasks\{DA4561AA-9D1D-4E17-8A35-E5063C6765B3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?LastError=1618
Task: {73CF6EE9-09F0-4BF1-B92E-EE28FCEC5C48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8358CD7B-7519-4268-AEAF-3653422511D0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {85B04647-7A6C-4EDD-A376-F593595D0A8A} - System32\Tasks\Google Updater and Installer => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {8FD65BF4-B98C-4970-9B1B-53593EEADE77} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2013-10-17] (Haufe-Lexware GmbH & Co. KG)
Task: {B01B97C7-60C8-4D30-ABCC-8B40C76D396D} - System32\Tasks\{FB097542-21C2-4E1E-9277-B761910B43AA} => C:\Users\Waldmann\Desktop\RealifyPaperOffice2011setup.exe
Task: {C980C1E1-332F-4505-8961-E5615429A265} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation)
Task: {CB00DD13-FA6E-4B1D-8629-50D4E1D1B913} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {CD78004A-AAA1-45B6-B70E-C741D9A456EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {D8F9E7DF-9C94-4F54-8AB6-FF913DF02F0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {E3C4EF5A-5F8D-4573-A89C-6786722E83E9} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {EA627A73-F100-4D43-9F99-E74ECFFB823C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\System32\BsTrace.dll
2013-08-22 17:22 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00044544 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2012-02-05 13:35 - 2012-01-03 15:28 - 10893312 _____ () C:\Windows\System32\WTMKM.exe
2011-10-10 21:44 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-03-03 15:58 - 2014-03-03 15:58 - 00563621 _____ () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe
2012-01-13 20:56 - 2012-01-13 20:56 - 00060864 _____ () C:\Program Files\ProgDVB\ProgDVBService.exe
2012-01-13 20:56 - 2012-01-13 20:56 - 00166336 _____ () C:\Program Files\ProgDVB\Scheduler.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-09-24 14:59 - 2012-09-24 14:59 - 00545608 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2012-09-24 14:59 - 2012-09-24 14:59 - 00275272 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
2012-09-24 15:02 - 2012-09-24 15:02 - 01692488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2013-09-23 18:03 - 2010-08-10 15:37 - 00334848 ____R () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
2012-02-05 13:35 - 2012-01-03 16:06 - 00582144 _____ () C:\Windows\system32\atwtusb.exe
2014-10-05 11:42 - 2014-10-05 11:42 - 00050477 _____ () C:\Users\Waldmann\Desktop\Downloads\Defogger.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2009-09-02 09:43 - 2009-09-02 09:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2011-10-10 21:44 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-02-05 22:16 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2014-02-02 17:04 - 2014-02-18 05:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2009-09-02 09:48 - 2009-09-02 09:48 - 00144384 _____ () C:\Windows\system32\BsProfilefunc.dll
2013-03-28 00:37 - 2013-03-28 00:37 - 13627872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2013-01-10 13:43 - 2013-01-10 13:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-10-14 20:51 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2011-10-14 20:51 - 2006-10-12 15:14 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
2011-10-14 20:51 - 2007-02-16 15:06 - 00045056 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater0407.dll
2011-10-14 20:51 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-10-05 11:30 - 2014-10-05 11:30 - 00043008 _____ () c:\users\waldmann\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0eoul0.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-24 15:02 - 2012-09-24 15:02 - 00176968 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-09-28 13:37 - 2014-09-28 13:37 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00699072 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2013-03-27 22:36 - 2013-03-27 22:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: x => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup
MSCONFIG\startupreg: Run-OSByPetzl => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-1982316411-69064254-2039899064-500 - Administrator - Disabled)
Gast (S-1-5-21-1982316411-69064254-2039899064-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1982316411-69064254-2039899064-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1982316411-69064254-2039899064-1040 - Limited - Enabled) => C:\Users\UpdatusUser
Waldmann (S-1-5-21-1982316411-69064254-2039899064-1000 - Administrator - Enabled) => C:\Users\Waldmann

==================== Faulty Device Manager Devices =============

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2014 11:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2014 11:28:22 AM) (Source: Microsoft Fax) (EventID: 32112) (User: )
Description: Es können keine Faxe archiviert und keine eingehenden Faxe weitergeleitet werden, da im Faxdienst Probleme mit dem Archivspeicherort aufgetreten sind. Der Dienst kann auf den Ordner "C:\Users\Waldmann\Desktop\FAX" oder einige darin enthaltene Unterordner nicht zugreifen. Sie können den Speicherort des Archivordners auf der Eigenschaftenseite des Faxdruckers oder im Faxdienst-Manager ändern. Weitere Informationen erhalten Sie unter Problembandlung in der Hilfe zum Faxdienst. Win32-Fehlercode: 2 Dieser Fehlercode gibt die Ursache des Fehlers an. Ein detaillierter Windows-Fehlerbericht bezüglich des Problems wurde generiert.

Error: (10/05/2014 11:21:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2130
Startzeit: 01cfe07b48a906f3
Endzeit: 99
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: fd4d4593-4c70-11e4-b8fb-001d7d01386f

Error: (10/05/2014 11:03:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 750
Startzeit: 01cfdf29a6d7a801
Endzeit: 237
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 61d18fdd-4c6e-11e4-b8fb-001d7d01386f

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18939

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18939

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17675

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17675

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/05/2014 11:33:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (10/05/2014 11:33:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/05/2014 11:33:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126

Error: (10/05/2014 11:28:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 BTHidMgr

Error: (10/05/2014 11:26:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/05/2014 11:26:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (10/05/2014 11:26:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/05/2014 11:26:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/05/2014 11:26:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.

Error: (10/05/2014 11:25:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Handsfree Headset Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058


Microsoft Office Sessions:
=========================
Error: (10/05/2014 11:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2014 11:28:22 AM) (Source: Microsoft Fax) (EventID: 32112) (User: )
Description: C:\Users\Waldmann\Desktop\FAX2

Error: (10/05/2014 11:21:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567213001cfe07b48a906f399C:\Windows\explorer.exefd4d4593-4c70-11e4-b8fb-001d7d01386f

Error: (10/05/2014 11:03:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756775001cfdf29a6d7a801237C:\Windows\Explorer.EXE61d18fdd-4c6e-11e4-b8fb-001d7d01386f

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18939

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18939

Error: (10/04/2014 00:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17675

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17675

Error: (10/04/2014 00:31:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-09-29 08:33:51.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:33:51.489
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:33:42.222
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:33:42.220
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:23.706
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:23.694
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:22.363
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:22.362
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:11.682
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-29 08:31:11.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 66%
Total physical RAM: 4094.49 MB
Available physical RAM: 1362.31 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5069.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (1.
Festplatte 500GB) (Fixed) (Total:465.76 GB) (Free:155.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (2.Festplatte ) (Fixed) (Total:298.09 GB) (Free:86.51 GB) NTFS Drive h: (Dock FP 1) (Fixed) (Total:1863.01 GB) (Free:807.48 GB) NTFS Drive i: (HD-HXU3) (Fixed) (Total:931.51 GB) (Free:638.6 GB) NTFS Drive j: (MY BOOK) (Fixed) (Total:465.65 GB) (Free:417.78 GB) FAT32 Drive l: (Dock FP 2) (Fixed) (Total:1863.01 GB) (Free:1604.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9CD19CD1) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298.1 GB) (Disk ID: DFBADFBA) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: D07A4C4D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0D760311) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6DE05E0F) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 465.8 GB) (Disk ID: 44FDFE06) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C) ==================== End Of Log ============================ |
06.10.2014, 11:02 | #4 |
/// the machine /// TB instructor | Also a significant drop in performance hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.10.2014, 12:41 | #5 |
| Also a significant drop in performance Here is the Combofix result: Code:
ATTFilter ComboFix 14-10-04.01 - Waldmann 06.10.2014 12:57:21.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.1944 [GMT 2:00] ausgeführt von:: c:\users\Waldmann\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Waldmann\30593-8-CutOut-4-Pro.exe c:\users\Waldmann\AppData\Local\assembly\tmp c:\users\Waldmann\AppData\Local\assembly\tmp\7I0Z5YLN\__AssemblyInfo__.ini c:\users\Waldmann\AppData\Local\assembly\tmp\7I0Z5YLN\PaperOffice.Word2010AddIn.DLL c:\users\Waldmann\AppData\Local\assembly\tmp\8EJWZYY8\__AssemblyInfo__.ini c:\users\Waldmann\AppData\Local\assembly\tmp\8EJWZYY8\PaperOffice.Core.Library.DLL c:\users\Waldmann\AppData\Local\assembly\tmp\P7DG8SOD\__AssemblyInfo__.ini c:\users\Waldmann\AppData\Local\assembly\tmp\P7DG8SOD\MySQL.ForExcel.DLL c:\windows\Installer\{44A9A647-0BBA-4776-8B61-1092EDFEA0C2}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe c:\windows\IsUn0407.exe c:\windows\PFRO.log c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_x . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-06 bis 2014-10-06 )))))))))))))))))))))))))))))) . . 2014-10-05 09:47 . 2014-10-05 09:51 -------- d-----w- C:\FRST 2014-10-03 16:37 . 2014-10-03 16:37 -------- d-----w- c:\users\Waldmann\AppData\Roaming\26057 2014-10-01 06:06 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 06:06 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-28 11:40 . 
2014-09-28 16:07 792128 ----a-w- c:\windows\system32\drivers\klif.sys 2014-09-28 11:40 . 2014-09-28 16:07 140352 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-09-25 11:52 . 2014-09-25 11:52 122584 ----a-w- c:\windows\system32\drivers\354F2ED7.sys 2014-09-24 13:11 . 2014-09-24 13:11 -------- d-----w- c:\program files (x86)\CrystalDiskInfo 2014-09-24 12:44 . 2014-09-24 12:44 -------- d-----w- c:\program files (x86)\MemoMaster5 2014-09-24 11:14 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 11:14 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-23 18:10 . 2014-09-23 18:10 -------- d-----w- c:\users\Waldmann\AppData\Roaming\hdbADS 2014-09-17 11:42 . 2014-09-17 11:42 122584 ----a-w- c:\windows\system32\drivers\30922D86.sys 2014-09-16 21:00 . 2014-09-16 21:00 122584 ----a-w- c:\windows\system32\drivers\5725369C.sys 2014-09-15 16:52 . 2014-09-15 16:52 122584 ----a-w- c:\windows\system32\drivers\777239C1.sys 2014-09-15 16:04 . 2014-09-15 16:04 122584 ----a-w- c:\windows\system32\drivers\1B1076D8.sys 2014-09-15 14:59 . 2014-09-15 14:59 122584 ----a-w- c:\windows\system32\drivers\4D5A7B3D.sys 2014-09-15 13:53 . 2014-09-15 13:53 122584 ----a-w- c:\windows\system32\drivers\7F0C2A79.sys 2014-09-13 16:16 . 2014-09-28 11:49 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2014-09-12 19:21 . 2014-09-12 19:21 -------- d-----w- c:\users\Waldmann\AppData\Roaming\KC Softwares 2014-09-12 19:21 . 2014-09-12 19:21 -------- d-----w- c:\program files (x86)\KC Softwares 2014-09-12 19:15 . 2014-09-16 16:07 -------- d-----w- c:\programdata\Informer Technologies, Inc 2014-09-12 18:50 . 2014-09-12 19:14 -------- d-----w- c:\program files (x86)\Software Informer 2014-09-12 18:21 . 2014-09-12 18:22 -------- d-----w- c:\program files\iTunes 2014-09-12 18:21 . 2014-09-12 18:22 -------- d-----w- c:\program files (x86)\iTunes 2014-09-12 18:21 . 2014-09-12 18:21 -------- d-----w- c:\program files\iPod 2014-09-12 18:01 . 
2014-09-12 18:01 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2014-09-11 01:56 . 2014-09-16 20:59 122584 ----a-w- c:\windows\system32\drivers\48230029.sys 2014-09-11 01:05 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-11 01:05 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 11:18 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 11:18 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-10 11:18 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 11:18 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 11:18 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 11:18 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 11:18 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 11:18 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 11:18 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-09 12:15 . 2014-09-09 12:15 2273432 ----a-w- c:\windows\SysWow64\DDBACCPL.CPL 2014-09-09 12:15 . 2014-09-09 12:15 1659544 ----a-w- c:\windows\SysWow64\ddBACCTM.cpl . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-06 11:24 . 2014-07-05 09:22 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-24 11:02 . 2012-04-01 18:32 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 11:02 . 2011-10-25 16:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-15 07:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-11 01:06 . 2011-10-10 11:04 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-09 02:05 . 
2014-10-03 09:46 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A007C529-CA0F-4488-B912-09B75C97D16D}\mpengine.dll 2014-08-23 02:07 . 2014-08-28 08:38 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 08:38 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 08:38 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-20 06:17 . 2014-08-20 06:17 122584 ----a-w- c:\windows\system32\drivers\51EA032D.sys 2014-08-19 14:20 . 2014-08-19 14:20 53248 ----a-r- c:\users\Waldmann\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2014-08-18 09:40 . 2014-08-18 09:40 122584 ----a-w- c:\windows\system32\drivers\18A42697.sys 2014-08-17 09:00 . 2014-08-17 09:00 122584 ----a-w- c:\windows\system32\drivers\7CE9670C.sys 2014-08-15 11:14 . 2014-08-15 11:14 122584 ----a-w- c:\windows\system32\drivers\222119E5.sys 2014-08-14 11:04 . 2014-08-14 11:04 122584 ----a-w- c:\windows\system32\drivers\04BF2A9F.sys 2014-08-12 19:49 . 2014-08-12 19:49 122584 ----a-w- c:\windows\system32\drivers\288D2B89.sys 2014-08-12 18:59 . 2014-08-12 18:59 122584 ----a-w- c:\windows\system32\drivers\212152F9.sys 2014-08-12 16:46 . 2014-08-12 16:46 122584 ----a-w- c:\windows\system32\drivers\73DA3D8E.sys 2014-08-12 15:36 . 2014-08-12 15:36 122584 ----a-w- c:\windows\system32\drivers\51036E83.sys 2014-08-11 09:56 . 2014-08-11 09:56 122584 ----a-w- c:\windows\system32\drivers\30E43262.sys 2014-08-10 17:05 . 2014-08-10 17:05 122584 ----a-w- c:\windows\system32\drivers\7E701508.sys 2014-08-10 14:13 . 2014-08-10 14:13 122584 ----a-w- c:\windows\system32\drivers\4D4B1173.sys 2014-08-08 08:19 . 2014-08-08 08:19 122584 ----a-w- c:\windows\system32\drivers\6C5358AB.sys 2014-08-06 06:11 . 2014-08-06 06:11 122584 ----a-w- c:\windows\system32\drivers\4EB73D9F.sys 2014-08-05 14:26 . 2014-08-05 14:26 122584 ----a-w- c:\windows\system32\drivers\65B26EF2.sys 2014-08-05 10:29 . 
2014-08-05 10:29 122584 ----a-w- c:\windows\system32\drivers\41F41CE2.sys 2014-08-01 13:36 . 2014-08-01 13:36 122584 ----a-w- c:\windows\system32\drivers\0494225D.sys 2014-07-30 04:50 . 2014-07-30 04:50 122584 ----a-w- c:\windows\system32\drivers\3A280DC0.sys 2014-07-30 03:41 . 2014-07-30 03:41 122584 ----a-w- c:\windows\system32\drivers\3A927666.sys 2014-07-28 12:52 . 2014-07-28 12:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll 2014-07-28 12:52 . 2014-07-28 12:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-20 23:18 . 2014-07-20 23:18 122584 ----a-w- c:\windows\system32\drivers\2B5F69F6.sys 2014-07-20 22:26 . 2014-07-20 22:26 122584 ----a-w- c:\windows\system32\drivers\1DEC0C82.sys 2014-07-20 08:57 . 2014-07-20 08:57 122584 ----a-w- c:\windows\system32\drivers\1AFE2A7D.sys 2014-07-18 13:57 . 2014-07-18 13:57 122584 ----a-w- c:\windows\system32\drivers\3C64766E.sys 2014-07-18 12:38 . 2014-07-18 12:38 122584 ----a-w- c:\windows\system32\drivers\6D7C27CA.sys 2014-07-17 18:13 . 2014-07-17 18:13 122584 ----a-w- c:\windows\system32\drivers\3230552D.sys 2014-07-16 08:24 . 2013-09-13 18:05 40760 ----a-w- c:\windows\system32\TURegOpt.exe 2014-07-16 08:24 . 2014-07-21 19:29 29496 ----a-w- c:\windows\system32\authuitu.dll 2014-07-16 08:24 . 2014-07-21 19:29 25400 ----a-w- c:\windows\SysWow64\authuitu.dll 2014-07-16 08:24 . 2014-07-21 19:29 43320 ----a-w- c:\windows\system32\uxtuneup.dll 2014-07-16 08:24 . 2014-07-21 19:29 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2014-07-15 20:51 . 2014-07-15 20:51 122584 ----a-w- c:\windows\system32\drivers\72064232.sys 2014-07-15 19:39 . 2014-07-15 19:39 122584 ----a-w- c:\windows\system32\drivers\1C1C2246.sys 2014-07-14 16:14 . 2014-07-14 16:14 122584 ----a-w- c:\windows\system32\drivers\6287518E.sys 2014-07-14 11:34 . 
2014-07-14 11:34 122584 ----a-w- c:\windows\system32\drivers\57347B99.sys 2014-07-14 02:02 . 2014-08-14 09:58 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-14 09:58 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-09 02:03 . 2014-08-14 09:59 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-07-09 02:03 . 2014-08-14 09:59 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-07-09 02:03 . 2014-08-14 09:59 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-07-09 02:03 . 2014-08-14 09:59 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-07-09 02:03 . 2014-08-14 09:59 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-07-09 01:31 . 2014-08-14 09:59 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-07-09 01:31 . 2014-08-14 09:59 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{609C0837-8DD3-4F9B-AAC5-446F36BC0353}] 2014-07-23 14:54 613952 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 131480 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-12 2068856] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE" [2012-02-29 283232] "Boogie Board Rip"="c:\program files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe" [2012-09-04 1002496] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-02-25 496192] "Run-OSByPetzl"="c:\program files (x86)\Petzl\OSByPetzl\WinPetzlController.exe" [2014-06-04 1178624] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504] "BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072] "RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-05-17 106344] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-03-27 6405376] "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1105848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" 
[2014-07-31 43816] "DocFetcher-Daemon"="c:\program files (x86)\DocFetcher\docfetcher-daemon-windows.exe" [2014-03-03 563621] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-12 2068856] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . c:\users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] pcwPerfectSearch.LNK - c:\users\Waldmann\AppData\Roaming\PC-WELT-PerfectSearch\pcwPerfectSearch.exe -a [2014-9-2 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-10-14 24576] ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-10-14 1159168] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoCommonGroups"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "atwtusb"=atwtusb.exe beta "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QNAP_NASNetBak"=c:\program files (x86)\QNAP\NetBak\NetBak.exe /min "Realify_PaperOffice_Core"="c:\program files (x86)\Realify PaperOffice\PaperOffice.Core.exe" "PDFPrint"=c:\program files (x86)\PDF24\pdf24.exe "Corel File Shell Monitor"=c:\program files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" "Ulead AutoDetector v2"=c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe "Live Update 5"=c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder "LexwareInfoService"=c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking13\Ereg.ini" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys;c:\windows\SYSNATIVE\drivers\HCWUSB264.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x] R3 
NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x] R3 STCFUx64;STC DFU Driver;c:\windows\system32\DRIVERS\STCFUx64.SYS;c:\windows\SYSNATIVE\DRIVERS\STCFUx64.SYS [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x] S0 fltsrv;Acronis Storage Filter 
Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x] S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 DragonLoggerService;Dragon Logger service;c:\program files (x86)\Common Files\Nuance\loggerservice.exe;c:\program files (x86)\Common Files\Nuance\loggerservice.exe [x] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x] 
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [x] S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [x] S2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x] S2 ProgDVBService;ProgDVB Scheduler Service;c:\program files\ProgDVB\ProgDVBService.exe;c:\program files\ProgDVB\ProgDVBService.exe [x] S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files 
(x86)\Secunia\PSI\sua.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x] S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x] S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [x] S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [x] S2 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x] S3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 dgcfltr;DGC Filter 
Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x] S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x] S3 S332x64;SPRx3x USB SmartCard 
Reader;c:\windows\system32\DRIVERS\S332x64.sys;c:\windows\SYSNATIVE\DRIVERS\S332x64.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys;c:\windows\SYSNATIVE\DRIVERS\vuhub.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 12:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 11:53 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:02] . 2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 10:42] . 2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 10:42] . 2014-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job - c:\users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 19:27] . 2014-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job - c:\users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 19:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-07-09 15:29 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{609C0837-8DD3-4F9B-AAC5-446F36BC0353}] 2014-07-23 14:54 646208 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError] @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}" [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}] 2013-03-27 22:53 2827832 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress] @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}" [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}] 2013-03-27 22:53 2827832 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk] @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}" [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}] 2013-03-27 22:53 2827832 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2010-04-27 8151040] "MacrokeyManager"="WTMKM.exe" [2012-01-03 10893312] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 517912] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mDefault_Page_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457\ FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{9B6B03F1-16CF-4491-BBBB-E872802DD717} - (no file) c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2015 Zahlungserinnerung.lnk - c:\windows\Installer\{44A9A647-0BBA-4776-8B61-1092EDFEA0C2}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-QNAP_NASNetBak - c:\windows\system32\qnapuninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager.9.alb" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.eps" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.gif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.iff" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.pcd" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.png" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tga" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tiff" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000004 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-10-06 13:36:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-06 11:36 . Vor Suchlauf: 27 Verzeichnis(se), 178.270.912.512 Bytes frei Nach Suchlauf: 32 Verzeichnis(se), 177.695.100.928 Bytes frei . - - End Of File - - EAC60D1898B592F5B870486C5BB7CA51 A36C5E4F47E84449FF07ED3517B43A31 |
07.10.2014, 10:08 | #6 |
/// the machine /// TB trainer | Also a noticeable drop in performance Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
07.10.2014, 19:01 | #7 |
| Also a noticeable drop in performance So, everything has been run: mbam reported no threats found, no mbam.txt (since your last help in the spring I have had the premium version on the PC and in regular use) adwCleaner: Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 07/10/2014 um 19:08:24 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Waldmann - WALDMANN-PC # Gestartet von : C:\Users\Waldmann\Desktop\Downloads\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457\prefs.js ] [ Datei : C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_498495\prefs.js ] -\\ Google Chrome v37.0.2062.124 [ Datei : C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1632 octets] - [06/02/2014 22:39:50] AdwCleaner[R1].txt - [2741 octets] - [12/03/2014 15:45:19] AdwCleaner[R2].txt - [1306 octets] - [10/04/2014 18:04:09] AdwCleaner[R3].txt - [1903 octets] - [07/05/2014 13:11:44] AdwCleaner[R4].txt - [1635 octets] - [19/06/2014 18:20:23] AdwCleaner[R5].txt - [2178 octets] - [30/07/2014 19:01:24] AdwCleaner[R6].txt - [2193 octets] - [07/10/2014 18:59:17] AdwCleaner[R7].txt - [2253 octets] - [07/10/2014 19:07:25] AdwCleaner[S0].txt - [1653 octets] - [06/02/2014 22:42:52] AdwCleaner[S1].txt - [2634 octets] - [12/03/2014 15:47:15] AdwCleaner[S2].txt - [1964 octets] - [07/05/2014 14:14:00] AdwCleaner[S3].txt - [1650 octets] - [19/06/2014 18:22:20] 
AdwCleaner[S4].txt - [2193 octets] - [30/07/2014 20:36:20] AdwCleaner[S5].txt - [2128 octets] - [07/10/2014 19:08:24] ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2188 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.1 (10.06.2014:1) OS: Windows 7 Ultimate x64 Ran by Waldmann on 07.10.2014 at 19:25:50,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\software informer" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.10.2014 at 19:37:02,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Waldmann (administrator) on WALDMANN-PC on 07-10-2014 19:43:41 Running from C:\Users\Waldmann\Desktop\Downloads Loaded Profile: Waldmann (Available profiles: Waldmann & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Windows\System32\WTMKM.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (Improv Electronics) C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Petzl) C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dropbox, Inc.) C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Flexera Software LLC.) 
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (Christian Löbering - PC-WELT) C:\Users\Waldmann\AppData\Roaming\PC-WEL~1\PCWPER~1.EXE (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files\ProgDVB\ProgDvbService.exe () C:\Windows\SysWOW64\PSIService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe (Kaspersky Lab ZAO) C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpshare.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [10893312 2012-01-03] () HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [106344 2011-05-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) 
HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2014-03-03] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) 
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoCommonGroups] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcwPerfectSearch.LNK
ShortcutTarget: pcwPerfectSearch.LNK -> C:\Users\Waldmann\AppData\Roaming\PC-WELT-PerfectSearch\pcwPerfectSearch.exe (Christian Löbering - PC-WELT)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC1159ADF4534CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {D762D0F5-A284-4FB8-866B-4D3665FD1CCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-28]
FF Extension: ELO Archiv-Transfer - C:\Program Files (x86)\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-28]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Google Drive) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
CHR Extension: (Google-Suche) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-30]
CHR Extension: (DNSHelper) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo [2014-02-06]
CHR Extension: (Ghostery) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-26]
CHR Extension: (Google Wallet) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Google Mail) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Waldmann\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2014-02-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576512 2012-01-25] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. KG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-09] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [79360 2011-11-11] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60864 2012-01-13] ()
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-09-24] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [553800 2012-09-24] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [275272 2012-09-24] ()
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [582144 2012-01-03] () [File not signed]
S2 HPSLPSVC; C:\Users\Waldmann\AppData\Local\Temp\7zS1CC4\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed]
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-04-27] (C-Media Inc)
R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
S3 hcwAVD2; C:\Windows\System32\drivers\HCWUSB264.sys [197632 2007-07-24] (Conexant Systems, Inc.)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\7D514FBF.sys [122584 2014-10-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PcaSp50; C:\Windows\SysWOW64\Drivers\PcaSp50.sys [52800 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-02-27] (Identive )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10368 2008-11-13] (SCM Microsystems Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-04] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-04] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-08-04] (Acronis International GmbH)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 19:37 - 2014-10-07 19:38 - 00000758 _____ () C:\Users\Waldmann\Desktop\JRT.txt
2014-10-07 19:14 - 2014-10-07 19:14 - 00000310 _____ () C:\Windows\PFRO.log
2014-10-07 19:08 - 2014-10-07 19:08 - 00002268 _____ () C:\Users\Waldmann\Desktop\AdwCleaner[S5].txt
2014-10-07 17:23 - 2014-10-07 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7D514FBF.sys
2014-10-07 17:18 - 2014-10-07 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\092446CF.sys
2014-10-06 13:36 - 2014-10-06 13:36 - 00048108 _____ () C:\ComboFix.txt
2014-10-06 12:54 - 2014-10-06 13:36 - 00000000 ____D () C:\ComboFix
2014-10-06 12:54 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-06 12:54 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-06 12:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-06 12:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-06 12:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-06 12:54 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-06 12:54 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-06 12:54 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-06 12:53 - 2014-10-06 13:36 - 00000000 ____D () C:\Qoobox
2014-10-06 12:53 - 2014-10-06 13:33 - 00000000 ____D () C:\Windows\erdnt
2014-10-06 12:47 - 2014-10-06 12:47 - 05582481 ____R (Swearware) C:\Users\Waldmann\Desktop\ComboFix.exe
2014-10-05 11:50 - 2014-10-05 11:51 - 00073537 _____ () C:\Users\Waldmann\Desktop\Addition.txt
2014-10-05 11:48 - 2014-10-05 11:51 - 00063411 _____ () C:\Users\Waldmann\Desktop\FRST.txt
2014-10-05 11:47 - 2014-10-07 19:43 - 00000000 ____D () C:\FRST
2014-10-05 11:44 - 2014-10-05 11:44 - 00000000 _____ () C:\Users\Waldmann\defogger_reenable
2014-10-03 18:37 - 2014-10-03 18:37 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\26057
2014-10-01 08:06 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:06 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 17:24 - 2014-09-29 08:48 - 00002349 _____ () C:\Users\Waldmann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-28 13:50 - 2014-09-29 08:35 - 00001215 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-09-28 13:49 - 2014-09-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-09-28 13:40 - 2014-09-28 18:07 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-28 13:40 - 2014-09-28 18:07 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-28 13:37 - 2014-09-28 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 13:52 - 2014-09-25 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\354F2ED7.sys
2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-09-24 14:44 - 2014-09-24 14:44 - 00000000 ____D () C:\Program Files (x86)\MemoMaster5
2014-09-24 13:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 13:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 20:10 - 2014-09-23 20:10 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\hdbADS
2014-09-23 18:21 - 2014-09-23 18:21 - 00003194 _____ () C:\Windows\System32\Tasks\{DDFD18B3-A314-4F67-A409-1CBFA38834A3}
2014-09-23 13:02 - 2014-09-23 18:30 - 00000000 ____D () C:\Users\Waldmann\Documents\NetObjects Fusion 2013
2014-09-23 13:01 - 2014-09-23 13:01 - 00001403 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-09-23 12:45 - 2014-09-23 13:01 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-09-17 13:42 - 2014-09-17 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\30922D86.sys
2014-09-16 23:00 - 2014-09-16 23:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5725369C.sys
2014-09-15 18:52 - 2014-09-15 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\777239C1.sys
2014-09-15 18:04 - 2014-09-15 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1B1076D8.sys
2014-09-15 16:59 - 2014-09-15 16:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4D5A7B3D.sys
2014-09-15 15:53 - 2014-09-15 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7F0C2A79.sys
2014-09-15 14:35 - 2014-09-21 15:27 - 00000000 ____D () C:\Users\Waldmann\Desktop\Weidendamm
2014-09-14 12:27 - 2014-09-14 12:27 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-13 20:03 - 2014-09-13 20:03 - 00003402 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-13 18:16 - 2014-09-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-13 10:26 - 2014-09-13 10:31 - 06386309 _____ () C:\Windows\SysWOW64\kavremvr 2014-09-13 10-26-49 (pid 8972).log
2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KC Softwares
2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Program Files (x86)\KC Softwares
2014-09-12 21:15 - 2014-09-16 18:07 - 00000000 ____D () C:\ProgramData\Informer Technologies, Inc
2014-09-12 20:22 - 2014-09-12 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 20:21 - 2014-09-12 20:21 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 20:18 - 2014-09-12 20:19 - 00001721 _____ () C:\Users\Waldmann\Documents\Neue Datenbank1.odb
2014-09-12 20:16 - 2014-09-12 20:17 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-12 20:01 - 2014-09-12 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-11 03:56 - 2014-09-16 22:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-11 03:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 
03:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:23 - 
2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:05 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 13:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 13:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 13:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 13:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 13:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 14:15 - 2014-09-09 
14:15 - 02273432 _____ (DataDesign AG) C:\Windows\SysWOW64\DDBACCPL.CPL 2014-09-09 14:15 - 2014-09-09 14:15 - 01659544 _____ (DataDesign AG) C:\Windows\SysWOW64\ddBACCTM.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 19:48 - 2012-06-10 21:27 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job 2014-10-07 19:47 - 2013-02-16 18:36 - 00000000 ____D () C:\ProgramData\twonkyserver 2014-10-07 19:42 - 2012-04-01 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-07 19:41 - 2014-07-09 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-07 19:39 - 2011-11-16 20:57 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C033427-CB53-4FBD-9F43-42FCC0E9E66B} 2014-10-07 19:35 - 2013-12-28 12:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-07 19:34 - 2013-12-28 12:42 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-07 19:33 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-07 19:33 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 19:27 - 2014-01-19 12:29 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\CrashDumps 2014-10-07 19:23 - 2012-10-12 17:14 - 00005063 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-10-07 19:23 - 2012-10-12 17:14 - 00000092 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-10-07 19:23 - 2009-09-07 15:42 - 00001001 _____ () C:\Windows\SysWOW64\bscs.ini 2014-10-07 19:22 - 2014-02-06 22:39 - 00000000 ____D () C:\AdwCleaner 2014-10-07 19:20 - 2014-08-02 12:03 - 00000000 ___RD () C:\Users\Waldmann\Dropbox 2014-10-07 19:20 - 2014-08-02 11:58 - 00000000 ____D () 
C:\Users\Waldmann\AppData\Roaming\Dropbox 2014-10-07 19:19 - 2013-12-25 14:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-10-07 19:19 - 2012-12-10 14:30 - 00000000 ___RD () C:\Users\Waldmann\Desktop\FAX 2014-10-07 19:19 - 2009-07-14 04:34 - 00000593 _____ () C:\Windows\win.ini 2014-10-07 19:18 - 2011-11-06 14:11 - 00000000 ____D () C:\Users\Waldmann\Documents\Outlook-Dateien 2014-10-07 19:16 - 2014-07-13 14:40 - 00005645 _____ () C:\Windows\setupact.log 2014-10-07 19:16 - 2013-08-22 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-07 19:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-07 19:09 - 2011-10-09 15:52 - 01587904 _____ () C:\Windows\WindowsUpdate.log 2014-10-06 22:59 - 2012-06-10 21:27 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job 2014-10-06 18:47 - 2013-02-03 15:45 - 00000000 ____D () C:\Users\Waldmann\Desktop\ELO scan 2014-10-06 14:21 - 2011-10-10 20:19 - 00000000 ____D () C:\ProgramData\Lexware 2014-10-06 13:45 - 2014-07-05 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-06 13:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-06 13:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-06 13:16 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\system.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 110362624 _____ () C:\Windows\system32\config\software.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 00065536 _____ () C:\Windows\system32\config\sam.bak 2014-10-06 13:12 - 2011-10-09 15:59 - 00000000 ____D () C:\Users\Waldmann 2014-10-06 13:07 - 2011-10-19 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-06 12:50 - 2013-02-04 19:46 - 00002441 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-05 11:39 - 2014-07-30 17:13 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KeePass 2014-10-03 18:46 - 2014-07-11 16:21 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 2014-10-03 18:41 - 2014-08-18 10:47 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Skype 2014-10-03 18:40 - 2014-07-11 16:21 - 00001014 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk 2014-10-03 18:40 - 2014-07-11 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2014-10-03 15:15 - 2012-02-06 20:10 - 05051904 ___SH () C:\Users\Waldmann\Desktop\Thumbs.db 2014-10-03 14:57 - 2012-11-24 23:23 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\vlc 2014-10-02 18:25 - 2011-04-12 09:43 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-10-02 18:25 - 2011-04-12 09:43 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-10-02 18:25 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 08:42 - 2012-05-13 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-09-27 12:02 - 2012-09-16 16:05 - 00000000 ____D () C:\Users\Waldmann\Desktop\Büro 2014-09-27 12:01 - 2011-10-21 18:17 - 00000000 ____D () C:\Users\Waldmann\Documents\MemoMaster 2014-09-27 11:49 - 2012-08-15 11:33 - 00000000 ____D () C:\Users\Waldmann\Desktop\PSVB 2014-09-27 11:45 - 2011-11-01 12:03 - 00000000 ____D () C:\Users\Waldmann\Desktop\Security 2014-09-27 11:25 - 2012-10-09 12:53 - 00003830 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm 2014-09-27 11:23 - 2011-10-21 18:16 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Downloaded Installations 2014-09-25 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-24 14:44 - 2011-10-21 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\MemoMaster 2014-09-24 14:19 - 2011-10-21 18:16 - 00000000 ____D () C:\Program Files (x86)\MemoMaster4 2014-09-24 14:09 - 2011-12-23 15:38 - 00000000 ___RD () C:\Users\Waldmann\Desktop\E-Praxis 2014-09-24 13:02 - 2012-04-01 20:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 13:02 - 2012-04-01 20:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 13:02 - 2011-10-25 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 13:40 - 2014-08-02 12:00 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:10 - 2011-10-09 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-23 13:01 - 2011-10-16 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2014-09-23 12:52 - 2011-10-16 12:58 - 00000000 ____D () C:\Program Files (x86)\NetObjects 2014-09-19 12:53 - 2014-06-27 16:29 - 00002759 _____ () C:\Users\Public\Desktop\Quicken 2015.lnk 2014-09-18 12:29 - 2014-08-19 18:48 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Adobe 2014-09-16 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-14 12:43 - 2012-06-24 17:18 - 00000000 ___RD () C:\Users\Waldmann\Desktop\Foto-Video-Bearbeitung 2014-09-13 18:16 - 2014-07-09 17:49 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-13 01:11 - 2009-07-14 06:45 - 00765304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-09-12 21:27 - 2014-01-26 14:35 - 00000000 ____D () C:\Program Files (x86)\Artweaver Free 4 2014-09-12 21:27 - 2012-02-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free 2014-09-12 21:17 - 2012-04-06 12:17 - 00001918 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-09-12 21:17 - 2012-04-06 12:17 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-12 20:59 - 2011-10-12 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-09-12 20:49 - 2011-10-09 16:29 - 00229480 _____ () C:\Users\Waldmann\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-12 20:30 - 2014-01-26 14:14 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-09-12 20:22 - 2013-08-19 10:00 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-12 20:22 - 2012-09-15 12:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-12 20:17 - 2014-02-02 14:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-09-12 19:59 - 2013-01-12 15:31 - 00000000 ____D () C:\Program Files\MySQL 2014-09-12 19:59 - 2012-02-05 22:01 - 00000449 _____ () C:\Windows\ODBCINST.INI 2014-09-12 19:58 - 2013-01-12 15:26 - 00000000 ____D () C:\Program Files (x86)\Realify PaperOffice 2014-09-11 03:22 - 2011-11-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:20 - 2011-11-21 17:51 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:18 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:06 - 
2011-10-10 13:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 17:22 - 2011-10-21 17:22 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\apm
2014-09-08 20:07 - 2014-01-28 19:58 - 00000000 ____D () C:\Users\Waldmann\Desktop\Fotoordner
2014-09-08 20:06 - 2011-11-01 11:48 - 00000000 ____D () C:\Users\Waldmann\Desktop\outdoor
2014-09-07 14:18 - 2014-05-13 12:40 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\DocFetcher

Files to move or delete:
====================
C:\Users\Waldmann\ATIH2013PP_de-DE.exe
C:\Users\Waldmann\JavaSetup7u25.exe
C:\Users\Waldmann\Lightroom_5_LS11_win_5_2.exe
C:\Users\Waldmann\Setup (1).exe
C:\Users\Waldmann\TuneUpUtilities2014 (1).exe
C:\Users\Waldmann\TuneUpUtilities2014 (2).exe
C:\Users\Waldmann\TuneUpUtilities2014.exe
C:\Users\Waldmann\weprintwin.exe

Some content of TEMP:
====================
C:\Users\Waldmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxz250m.dll
C:\Users\Waldmann\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 14:55

==================== End Of Log ============================ |
07.10.2014, 19:03 | #8 |
| Likewise a marked drop in performance The text contained too many characters, so here is the Addition log as well: Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Waldmann at 2014-10-07 19:48:52
Running from C:\Users\Waldmann\Desktop\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Photo Version 2.0 (HKLM-x32\...\{68F08E04-F190-49B4-B159-3FA7E72A4EC8}_is1) (Version: 2.0 - Harald Wittke)
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
aborange Searcher - Deinstallation (HKLM-x32\...\aborange Searcher_is1) (Version: 3.01 - Mathias Gerlach [aborange.de])
abylon KEYSAFE 9.30.5 (HKLM-x32\...\abylonprotectionmanagersafe_is1) (Version: 9.30.5 - abylonsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe
Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - ) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software) Artweaver Free 4 (HKLM-x32\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software) Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG) ASUS RT-AC66U Wireless Router Utilities (HKLM-x32\...\{266E41AB-D928-4AF2-A8E4-B24E31F5758C}) (Version: 4.2.6.0 - ASUS) ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{4E594F8A-B042-B61D-DADC-08822B630781}) (Version: 3.0.795.0 - ATI Technologies, Inc.) 
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery) Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) Buchliebhaber 8.3.0 (HKLM-x32\...\Buchliebhaber_is1) (Version: - Matthies & Klock GmbH) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CardMinder V3.2 (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V3.2L10 - PFU) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0930.2237.38732 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0930.2237.38732 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help English (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help French (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help German (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0930.2236.38732 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0930.2236.38732 - ATI) Hidden ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0930.2237.38732 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) C-Media PCI Audio Device 
(HKLM\...\C-Media PCI Audio Driver) (Version: - ) Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation) CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World) Cut Out pro 4.0 (HKLM\...\Cut Out pro 4_is1) (Version: - Franzis.de) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.) CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703 - CyberLink Corp.) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3620 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3620 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.4715 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.) CyberLink PowerProducer (x32 Version: 5.0.2.2820 - CyberLink Corp.) Hidden Das Alte Ägypten (HKLM-x32\...\InstallShield_{B9A9DCF2-6F0C-45F5-9E62-8BEDF9A8915F}) (Version: 1.00.0000 - NATIONAL GEOGRAPHIC) Das Alte Ägypten (x32 Version: 1.00.0000 - NATIONAL GEOGRAPHIC) Hidden DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DocFetcher (HKLM-x32\...\DocFetcher) (Version: 1.1.11 - ) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) 
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) DVDFab 8.1.3.6 (01/12/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) EC Software TNT Screen Capture 2.1 (HKLM-x32\...\TNT Screen Capture_is1) (Version: - EC Software) ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 6.0 - ELO Digital Office GmbH) ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH) EMDB 1.89 (HKLM-x32\...\EMDB_is1) (Version: - Wicked & Wild Inc.) Epson Benutzerhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Useg) (Version: - ) EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - ) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson Netzwerkhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Netg) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVEREST Ultimate Edition v4.60 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.60 - Lavalys, Inc.) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.017) - Open Text Corporation.) FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 9.0 (build 9.022) - FirstClass Division, Open Text Corporation.) 
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.1.514 - DVDVideoSoft Ltd.) Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden Google Chrome (HKCU\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.8.11 - Hamster Soft) Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft) Hard Disk Low Level Format Tool 4.25 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU) Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30034 (CD 2.5) - Hauppauge Computer Works) HDD-Booster v1.2 (HKLM-x32\...\HDD-Booster_is1) (Version: - ASCOMP Software GmbH) HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden ImageDupeless (HKLM-x32\...\ImageDupeless) (Version: - ) iMove ActiveX Control (HKLM-x32\...\iMove ActiveX Control) (Version: - ) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 3.11.1.244 - KC Softwares) KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation) Lexware Info Service (x32 Version: 4.02.00.0081 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 3.02.00.0016 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 21.01.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Quicken 2015 (HKLM-x32\...\{f288bb70-6f00-49e5-afb1-032fd70c067e}) (Version: 22.31.0.118 - Haufe-Lexware GmbH & Co.KG) Light Image Resizer 4.6.1.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.1.0 - ObviousIdea) LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe) Live Update 5 (HKLM-x32\...\{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1) (Version: 5.0.109 - MSI) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) 
LookInMyPC (HKLM-x32\...\LookInMyPC) (Version: - )
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Macro Key Manager (HKLM\...\RmTablet) (Version: 4.14 - )
MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17981 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17981 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.1.250 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.1.246 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe Update (Version: 9.0.2.256 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\{CFEA8991-9D3B-4652-BDCC-ADDD76AA8965}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Music Maker MX (HKLM-x32\...\MAGIX_MSI_mm18) (Version: 18.0.1.11 - MAGIX AG)
MAGIX Music Maker MX (x32 Version: 18.0.1.11 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA4782C0-4124-4FA1-B15C-15333744444E}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{A93134FC-5812-4B37-BC58-7E9FF2FDF72F}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX USB-Videowandler 2 (HKLM-x32\...\{38874054-65D0-45D0-9486-FBEFD42A2251}) (Version: 1.03.0000 - Ihr Firmenname)
MAGIX Video deluxe MX (HKLM-x32\...\MAGIX_MSI_Videodeluxe18) (Version: 11.0.3.0 - MAGIX AG)
MAGIX Video deluxe MX (x32 Version: 11.0.3.0 - MAGIX AG) Hidden
MAGIX Video easy Retten Sie Ihre Videokassetten 6 (HKLM-x32\...\MAGIX_{4F394EC0-28F2-44D1-BAB9-42C65CA2371E}) (Version: 4.0.0.82 - MAGIX AG)
MAGIX Video easy Retten Sie Ihre Videokassetten 6 (Version: 4.0.0.82 - MAGIX AG) Hidden
MAGIX Web Designer 7 (HKLM-x32\...\MAGIX_MSI_Web_Designer_7) (Version: 7.1.2.17916 - MAGIX AG)
MAGIX Web Designer 7 (x32 Version: 7.1.2.17916 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MemoMaster 4 (HKLM-x32\...\{5CF1F472-846B-44E8-9750-A2112DA32CB6}) (Version: 4 - JBSoftware)
MemoMaster 5 (HKLM-x32\...\{5FE975B7-E584-41CE-BA5E-77817F5310F1}) (Version: 5.5.0.17 - JBSoftware)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50701 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
MP4 To MP3 Converter V3.0 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net)
MSI Afterburner 2.3.0 (HKLM-x32\...\Afterburner) (Version: 2.3.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
MyMicroBalance (HKLM-x32\...\{CAF30EE3-A2E2-47BE-A37B-96524BCB3EF5}) (Version: 2.5.5 - startzentrum GmbH & Co KG)
NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.8 - Ihr Firmenname)
NETGEAR Powerline Utility (x32 Version: 2.0.0.8 - Ihr Firmenname) Hidden
NetObjects Fusion 11.0 (HKLM-x32\...\{AD5EDC6E-342F-45BC-A131-F1BDFF8FAC96}) (Version: 11 German - )
NetObjects Fusion 12.0 (HKLM-x32\...\{D3418F72-9E80-4DFE-A360-E1ADA1439062}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM-x32\...\{5A70C95E-15FD-4CF8-8727-D2D4ACE1476A}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (x32 Version: 13.00.0000.5529 - NetObjects) Hidden
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OSByPetzl (HKLM-x32\...\OSByPetzl) (Version: 3.0.180 - Petzl distribution)
OSByPetzl (x32 Version: 3.0.180 - Petzl distribution) Hidden
PaperOffice 2011 DIMS (HKLM-x32\...\PaperOffice) (Version: 2011 DIMS - Realify)
PaperOffice 2011 DIMS Version 4 (HKLM-x32\...\{9FCAD2AF-D93B-4AB0-8E34-A1BE867DD85E}_is1) (Version: 4 - Realify)
PaperOffice Core (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice Excel2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice Outlook2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice ScanConnect (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice ScreenCapture (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice VirtualPrinter (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice Word2010 Add-On (x32 Version: 1.0.0 - Realify Systems, Inc.) Hidden
PaperOffice.OutlookSearch.Setupx64 (Version: 1.0.0 - Default Company Name) Hidden
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Pazera Jacek)
PC-WELT-PerfectSearch 1.1 (HKLM-x32\...\{0FC5CA8B-F308-49D0-B584-815C7AED0A60}_is1) (Version: - IDG Magazine Media GmbH)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation)
PowerDirector (x32 Version: 7.00.0000 - CyberLink Corp.) Hidden
ProgDVB (HKLM\...\ProgDVB) (Version: 6.8x - Prog)
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.3.0523 - QNAP Systems, Inc.)
QNAP NetBak Replicator (HKLM-x32\...\QNAP_NASNetBak) (Version: - )
Quicken 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken 2015 (x32 Version: 22.35.00.0131 - Haufe-Lexware GmbH & Co.KG) Hidden
Quicken Import Export Server 2015 (x32 Version: 22.31.00.0069 - Haufe-Lexware GmbH & Co.KG) Hidden
Quicken Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realify PaperOffice (HKLM-x32\...\Realify PaperOffice) (Version: 5230 - Realify Systems, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.16.0 - Renesas Electronics Corporation) Hidden
Reveal 1.2 (HKLM-x32\...\Reveal_1.2) (Version: - )
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.1.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.1.26 - SSW Software GmbH) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.2L14 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V3.2L15 - PFU)
ScanSnap Organizer (x32 Version: 3.2.13.1 - PFU LIMITED) Hidden
SeaMonkey 2.25 (x86 de) (HKLM-x32\...\SeaMonkey 2.25 (x86 de)) (Version: 2.25 - Mozilla)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SilverFast 8.0.1r13 (32bit) (HKLM-x32\...\SilverFast 8 x86) (Version: 8.0.1r13 - LaserSoft Imaging AG)
SilverFast AFL-SE 6.6.2r5 (HKLM-x32\...\SilverFast AFL-SE) (Version: - LaserSoft Imaging AG)
SIW version 2011.09.16 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.09.16 - Topala Software Solutions)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartScore X Songbook Edition (HKLM-x32\...\{1A27ACEF-BC98-44BE-BB8D-8199AF2BC62D}) (Version: 10.1.1 - Musitek)
Sophos Free Encryption 2.40.0 (HKLM-x32\...\{91D5756A-86DD-4E92-9F38-33743A081060}) (Version: 2.40.0.9 - Sophos)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TopMapsViewer Bayern (HKLM-x32\...\{FB1DF9D2-63C5-40E8-A536-32FB84CA9E4D}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
TreeSize Free V3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.1 - JAM Software)
True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{1547FF3D-F82F-46AE-819B-78C7BB3D53EC}) (Version: 16.0.6514 - Acronis)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Twonky Windows Components (HKLM-x32\...\{7CC673E7-5271-409D-B196-BB76DA60300B}) (Version: 3.0.4 - PacketVideo)
TwonkyManager (HKLM-x32\...\TwonkyManager) (Version: 3.0.4 (58) - PacketVideo)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.21.50 - Conexant)
USB Driver for Panasonic DVC (with Web Camera) (HKLM-x32\...\{82AF8AF6-6D0B-4EE6-B11F-CF9877877F69}) (Version: - )
Virtual Desktop Companion (HKLM-x32\...\{DC2A8156-36B5-4C3E-BB75-0A0AA03DD9A5}) (Version: 2.0.1 - Improv Electronics)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
XMedia Recode Version 3.1.9.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.4 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1982316411-69064254-2039899064-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

29-09-2014 06:22:39 Windows-Sicherung
30-09-2014 11:41:04 Windows Update
01-10-2014 19:16:41 Windows Update
06-10-2014 10:46:43 Windows-Sicherung
07-10-2014 15:31:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-06 13:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00EAEF0A-931A-4E58-A973-458C0025E683} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-09] (IObit)
Task: {01164AAA-6ECB-422C-A0AD-88AC73A48B8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {09A0EEF1-7C32-462C-8D08-F45B7C181ECB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {0E26FAB2-1E99-429E-B4ED-BA2B80F640E3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {0F0B2E92-F1E7-4791-9926-F5CE7790BA71} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {25EF93DA-CA4C-4F1D-990E-626628BC97A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {265952ED-66D1-4823-837B-D749564983FF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {29F0AA25-DCD8-4196-8CD1-856DEA232B56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {38212132-F3AA-490C-9BF1-0B055387B6C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {42A56287-0F3C-4AC5-A8C2-EBC16FE92C6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {4FA825F7-49EA-4201-B36A-1767F1D4D621} - System32\Tasks\{A3193B0B-0602-42A1-84CA-03F5DB9C1415} => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2010-11-15] (CyberLink Corp.)
Task: {50FC5AAF-195E-4221-B797-939FB46008A5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {524F99FC-1B4C-459E-9490-FFEC5EB8C2C5} - System32\Tasks\{C90F6733-B774-4D7C-8B7B-9AF565160B53} => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2010-11-15] (CyberLink Corp.)
Task: {59CB6B13-BDDF-48E9-8BE9-4C41C656ABE3} - System32\Tasks\{DA4561AA-9D1D-4E17-8A35-E5063C6765B3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?LastError=1618
Task: {73CF6EE9-09F0-4BF1-B92E-EE28FCEC5C48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8358CD7B-7519-4268-AEAF-3653422511D0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {85B04647-7A6C-4EDD-A376-F593595D0A8A} - System32\Tasks\Google Updater and Installer => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {8FD65BF4-B98C-4970-9B1B-53593EEADE77} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2013-10-17] (Haufe-Lexware GmbH & Co. KG)
Task: {B01B97C7-60C8-4D30-ABCC-8B40C76D396D} - System32\Tasks\{FB097542-21C2-4E1E-9277-B761910B43AA} => C:\Users\Waldmann\Desktop\RealifyPaperOffice2011setup.exe
Task: {C980C1E1-332F-4505-8961-E5615429A265} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation)
Task: {CB00DD13-FA6E-4B1D-8629-50D4E1D1B913} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {CD78004A-AAA1-45B6-B70E-C741D9A456EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {D8F9E7DF-9C94-4F54-8AB6-FF913DF02F0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {E3C4EF5A-5F8D-4573-A89C-6786722E83E9} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {EA627A73-F100-4D43-9F99-E74ECFFB823C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job => C:\Users\Waldmann\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-22 17:22 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\System32\BsTrace.dll 2012-02-05 13:35 - 2012-01-03 15:28 - 10893312 _____ () C:\Windows\System32\WTMKM.exe 2011-10-10 21:44 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2014-03-03 15:58 - 2014-03-03 15:58 - 00563621 _____ () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe 2012-01-13 20:56 - 2012-01-13 20:56 - 00060864 _____ () C:\Program Files\ProgDVB\ProgDVBService.exe 2012-01-13 20:56 - 2012-01-13 20:56 - 00166336 _____ () C:\Program Files\ProgDVB\Scheduler.dll 2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe 2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll 2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll 2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll 2009-09-02 09:46 - 2009-09-02 09:46 - 00044544 _____ () 
C:\Windows\system32\BlueSoleilCSps.dll 2012-09-24 14:59 - 2012-09-24 14:59 - 00545608 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe 2012-09-24 14:59 - 2012-09-24 14:59 - 00275272 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe 2012-09-24 15:02 - 2012-09-24 15:02 - 01692488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe 2013-09-23 18:03 - 2010-08-10 15:37 - 00334848 ____R () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe 2012-02-05 13:35 - 2012-01-03 16:06 - 00582144 _____ () C:\Windows\system32\atwtusb.exe 2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-10-10 21:44 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-02-02 17:04 - 2014-02-18 05:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll 2009-09-02 09:43 - 2009-09-02 09:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll 2011-10-14 20:51 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll 2011-10-14 20:51 - 2006-10-12 15:14 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll 2011-10-14 20:51 - 2007-02-16 15:06 - 00045056 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater0407.dll 2011-10-14 20:51 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll 2014-10-07 19:20 - 2014-10-07 19:20 - 00043008 _____ () 
c:\users\waldmann\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxz250m.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\libcef.dll 2009-09-02 09:48 - 2009-09-02 09:48 - 00144384 _____ () C:\Windows\system32\BsProfilefunc.dll 2013-03-28 00:37 - 2013-03-28 00:37 - 13627872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2013-01-10 13:43 - 2013-01-10 13:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-02-05 22:16 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2012-09-24 15:02 - 2012-09-24 15:02 - 00176968 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () 
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll 2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-09-28 13:37 - 2014-09-28 13:37 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00699072 _____ () C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: x => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup MSCONFIG\startupreg: Run-OSByPetzl => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ========================= Accounts: ========================== Administrator (S-1-5-21-1982316411-69064254-2039899064-500 - Administrator - Disabled) Gast (S-1-5-21-1982316411-69064254-2039899064-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1982316411-69064254-2039899064-1002 - Limited - Enabled) UpdatusUser (S-1-5-21-1982316411-69064254-2039899064-1040 - Limited - Enabled) => C:\Users\UpdatusUser Waldmann (S-1-5-21-1982316411-69064254-2039899064-1000 - Administrator - Enabled) => C:\Users\Waldmann ==================== Faulty Device Manager Devices ============= Name: Deskjet 6980 series Description: Deskjet 6980 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8500 A910 Description: Officejet Pro 8500 A910 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: USB-Massenspeichergerät Description: USB-Massenspeichergerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Kompatibles USB-Speichergerät Service: USBSTOR Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 07:42:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Microsoft Office Sessions: ========================= Error: (10/07/2014 07:42:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Waldmann\Desktop\Security\MalWare Jäger Programme\esetsmartinstaller_enu.exe CodeIntegrity Errors: =================================== Date: 2014-10-06 13:12:44.023 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-06 13:12:43.943 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-29 08:33:51.491 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-29 08:33:51.489 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:33:42.222 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:33:42.220 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:31:23.706 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:31:23.694 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:31:22.363 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-29 08:31:22.362 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz Percentage of memory in use: 68% Total physical RAM: 4094.49 MB Available physical RAM: 1278.63 MB Total Pagefile: 8187.16 MB Available Pagefile: 5126.37 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (1. Festplatte 500GB) (Fixed) (Total:465.76 GB) (Free:167.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (2.Festplatte ) (Fixed) (Total:298.09 GB) (Free:88.35 GB) NTFS Drive i: (HD-HXU3) (Fixed) (Total:931.51 GB) (Free:638.6 GB) NTFS Drive j: (MY BOOK) (Fixed) (Total:465.65 GB) (Free:418.82 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9CD19CD1) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298.1 GB) (Disk ID: DFBADFBA) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: D07A4C4D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 465.8 GB) (Disk ID: 44FDFE06) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C) ==================== End Of Log ============================ |
08.10.2014, 12:52 | #9 |
/// the machine /// TB instructor | Also a significant performance drop
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.10.2014, 12:57 | #10 |
| Also a significant performance drop
Here is the ESET result: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7d0a7ed23ff7984ba84af27114c6fbcd # engine=20502 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-08 10:37:27 # local_time=2014-10-09 12:37:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 33856 164437697 0 0 # scanned=933019 # found=41 # cleaned=0 # scan_time=28646 sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Waldmann\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=CAA6CFAE1F30654C284122F1603F55C4F4C78F63 ft=1 fh=c0faa9faf13b7117 vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Program Files (x86)\ObviousIdea\Image Resizer 4\PowerPack.exe" sh=B7124CC73ACC00EE123B0A34223B191861A319B7 ft=1 fh=729e44fbb707eff6 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe" sh=5DB0A9B9EC93254C15BF6D7C553B0232B0615273 ft=1 fh=cf89c6ff9c0b335e vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\cdbxp_setup_4.5.4.5000.exe" sh=D667CBBC557EBB418E9134BA4A61E3F3D3BD4ECD ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\COMPUTER_BILD-Download-Manager_fuer_apsetup(1).exe" sh=D667CBBC557EBB418E9134BA4A61E3F3D3BD4ECD ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\COMPUTER_BILD-Download-Manager_fuer_apsetup.exe" sh=3C7B7DF8D98A0B85608F99A8F04D8D1515504B09 ft=1 fh=7ecef916d1a4178e 
vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\CrystalDiskInfo6_2_1-en(1).exe" sh=3C7B7DF8D98A0B85608F99A8F04D8D1515504B09 ft=1 fh=7ecef916d1a4178e vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\CrystalDiskInfo6_2_1-en(2).exe" sh=AC542885B1E027BD9703CE5C68ED4747FBDEBDEC ft=1 fh=0f58e914b2b00861 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\Dropbox - CHIP-Installer.exe" sh=FA5200A7B82CF82B80B70BE6AAA18E98FA3CC00A ft=1 fh=d6a09a7ee51dc1d1 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\FreeStudio(1).exe" sh=8DBC6C78D2C8FC88DDF05A9E6ACA4355C971B4DF ft=1 fh=8c9ca47f4234cb72 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\FreeStudio.exe" sh=9CDD87BC95DEA954665CB7F22579E04FC360077A ft=1 fh=9319ecaed0a22c9b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\FreeYouTubeToMP3Converter-3.12.20.1230.exe" sh=2522784C963A2EADD24459E2784D5AFC23936A31 ft=1 fh=dfb362c668efa061 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\IMF_setup.exe" sh=DDAC41E8E2FC1EB85F54DB12DD89E2662BD59F05 ft=1 fh=807ca52377d78412 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\Kaspersky Internet Security 2014 - CHIP-Installer.exe" sh=4CDBCED60C208A7E9814114FBF929E1CF700FA8F ft=1 fh=0c495fd76b29f313 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\KeePass 2 - CHIP-Installer.exe" sh=15BC262F05045AC2C02443ACA6800077315E45A3 ft=1 fh=eb61fa410c53f67f vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\light_image_resizer4_setup(1).exe" sh=15BC262F05045AC2C02443ACA6800077315E45A3 ft=1 fh=eb61fa410c53f67f vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\light_image_resizer4_setup.exe" sh=9D9AC9676577B46F12C48CD94091D69E1B9F8261 ft=1 fh=74bc3bfe123025c9 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\setup-picture-relate-262-de_CB-DL-Manager.exe" sh=8AE0F9AF2388EEFFBE8E3D65E458181F31590E6F ft=1 fh=2084bf259e9b77f4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Waldmann\Desktop\Downloads\SpeedTest - CHIP-Downloader.exe" sh=200D8ED8BDD5D39CAFEEFF0E5ACAF98C3CDE070E ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\eBay.lnk" sh=A34E769233D34564B59EC544AC1222728E934596 ft=1 fh=23bee09c901cc422 vn="Win32/MCH potenziell unsichere Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Desktop\Brennen\kisi2010.exe" sh=60682744A7B8BFCB88FD08AAAD51C4072BF19385 ft=1 fh=2059c6368aaf1a3a vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Desktop\Brennen\ripsetup.exe" sh=17A789708147A14DF46B4BE052E8E8632992552A ft=1 fh=66a7f666214a4c2b vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Desktop\Utilities\unlocker1.8.9.exe" sh=5AD0133FA32C4AA1A05D913C76D6A6905C881C5A ft=1 fh=664e0ba6fa63f516 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Eigene Dateien\Downloads\Integrated_BrotherSoft_TB.exe" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Lokale Einstellungen\Anwendungsdaten\Winload\tbWinl.dll" sh=84027C2009493B24DE0BF01F3690E077B1534364 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Lokale Einstellungen\Temp\tbff.xpi" sh=307890233C423BE013062E1213C6631E29E7AF6A ft=1 fh=a3af1910562c9ea5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Lokale Einstellungen\Temp\tbinst.exe" sh=FA2F36C91B9C4B9C534B692B057726B287410079 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Edgar\Lokale Einstellungen\Temp\ct2319825\chrome\winload.jar" sh=F8077DD45F59D8964156896E305312CD109D75F8 ft=1 fh=07b2413872c62cbb vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\Programme\AskBarDis\bar\bin\askBar.dll" sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Conduit\Community Alerts\Alert.dll" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ConduitEngine\ConduitEngine.dll" sh=818C7E39B85258055360D8E520BA4B85F950148C ft=1 fh=9775bb1a8ef37e63 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="E:\Programme\Foxit\tbFox1.dll" sh=94D5565E9B5689A07E4BB922A2B61319AAC66C0E ft=1 fh=ab0efd8dab3b5270 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Foxit\tbFoxi.dll" sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Winload\tbWinl.dll" sh=2E2E59E70FC0E460002D2687FE1413386174A362 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="H:\WALDMANN-PC\Backup Set 2014-09-15 134249\Backup Files 2014-09-15 134249\Backup files 187.zip" sh=9DE48E2F1E721841BE8FA15C6DEB27DB2A9D3BF9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="H:\WALDMANN-PC\Backup Set 2014-09-15 134249\Backup Files 2014-09-15 134249\Backup files 53.zip" sh=55894297E99607B64574C13E659FEDC03D1128F8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\WALDMANN-PC\Backup Set 2014-09-15 134249\Backup Files 2014-09-15 134249\Backup files 54.zip" sh=7AC489E0F1285027F8ABCD116740977CBE4256FE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="H:\WALDMANN-PC\Backup Set 2014-09-15 134249\Backup Files 2014-09-15 134249\Backup files 55.zip" sh=DAFA2A8C29A205394C69ED531D302AFB8E4244FC ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="H:\WALDMANN-PC\Backup Set 2014-09-15 134249\Backup Files 2014-09-15 134249\Backup files 56.zip" sh=C2BBBCD012E0CFB24807EDFB7D659E9C32319D21 ft=1 fh=448aed5638fbf773 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="J:\System Volume Information\_restore{5905C3E4-1B38-4D46-8E64-2898CE5C9750}\RP341\A0143673.exe" Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Secunia PSI (3.0.0.9016)
TuneUp Utilities 2014
TuneUp Utilities Language Pack (de-DE)
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities Language Pack (de-DE)
TuneUp Utilities 2014
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Mozilla Thunderbird (31.1.1)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Waldmann (administrator) on WALDMANN-PC on 09-10-2014 13:47:02 Running from C:\Users\Waldmann\Desktop\Downloads Loaded Profile: Waldmann (Available profiles: Waldmann & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe () C:\Program Files\ProgDVB\ProgDvbService.exe () C:\Windows\SysWOW64\PSIService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Windows\System32\WTMKM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\avpui.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe () C:\Windows\System32\atwtusb.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (Improv Electronics) C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Petzl) C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe () C:\Windows\System32\atwtusb.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Christian Löbering - PC-WELT) C:\Users\Waldmann\AppData\Roaming\PC-WEL~1\PCWPER~1.EXE (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (Logitech Inc.) 
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe () C:\Users\Waldmann\Desktop\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [10893312 2012-01-03] () HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [106344 2011-05-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) 
HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2014-03-03] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) 
HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoCommonGroups] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcwPerfectSearch.LNK ShortcutTarget: pcwPerfectSearch.LNK -> C:\Users\Waldmann\AppData\Roaming\PC-WELT-PerfectSearch\pcwPerfectSearch.exe (Christian Löbering - PC-WELT) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC1159ADF4534CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {D762D0F5-A284-4FB8-866B-4D3665FD1CCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.) 
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.) 
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.) 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: 
@nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-28] FF Extension: ELO Archiv-Transfer - C:\Program Files (x86)\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-28] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28] CHR Extension: (Google Drive) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28] CHR Extension: (Google-Suche) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28] CHR Extension: (Kaspersky Protection) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-30] CHR Extension: (DNSHelper) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo [2014-02-06] CHR Extension: (Ghostery) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-26] CHR Extension: (Google Wallet) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28] CHR Extension: (Google Mail) - 
C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [] CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Waldmann\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2014-02-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed] R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.) 
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576512 2012-01-25] (Hauppauge Computer Works) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. 
KG) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-09] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [79360 2011-11-11] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed] R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60864 2012-01-13] () R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-09-24] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [553800 2012-09-24] (PacketVideo) R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [275272 2012-09-24] () R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed] R2 WTService; C:\Windows\system32\atwtusb.exe [582144 2012-01-03] () [File not signed] S2 HPSLPSVC; C:\Users\Waldmann\AppData\Local\Temp\7zS1CC4\hpslpsvc64.dll [X] ==================== Drivers 
(Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.) S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed] S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.) R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.) R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-04-27] (C-Media Inc) R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) S3 hcwAVD2; C:\Windows\System32\drivers\HCWUSB264.sys [197632 2007-07-24] (Conexant Systems, Inc.) R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp50; C:\Windows\SysWOW64\Drivers\PcaSp50.sys [52800 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. 
(PCAUSA)) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-02-27] (Identive ) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10368 2008-11-13] (SCM Microsystems Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-04] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-08-04] (Acronis International GmbH) R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] () R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.) S0 BTHidEnum; System32\Drivers\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 20:12 - 2014-10-07 20:12 - 00000000 ____D () C:\Program Files\NetSpeedMonitor 2014-10-07 19:37 - 2014-10-07 19:38 - 00000758 _____ () C:\Users\Waldmann\Desktop\JRT.txt 2014-10-07 19:14 - 2014-10-07 19:14 - 00000310 _____ () C:\Windows\PFRO.log 2014-10-07 19:08 - 2014-10-07 19:08 - 00002268 _____ () C:\Users\Waldmann\Desktop\AdwCleaner[S5].txt 2014-10-07 17:23 - 2014-10-07 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7D514FBF.sys 2014-10-07 17:18 - 2014-10-07 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\092446CF.sys 2014-10-06 13:36 - 2014-10-06 13:36 - 00048108 _____ () C:\ComboFix.txt 2014-10-06 12:54 - 2014-10-06 13:36 - 00000000 ____D () C:\ComboFix 2014-10-06 12:54 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-06 12:54 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-06 12:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-06 12:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-06 12:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-06 12:54 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-06 12:54 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-06 12:54 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-06 12:53 - 2014-10-06 13:36 - 00000000 ____D () C:\Qoobox 2014-10-06 12:53 - 2014-10-06 13:33 - 00000000 ____D () C:\Windows\erdnt 2014-10-06 12:47 - 2014-10-06 12:47 - 05582481 ____R (Swearware) C:\Users\Waldmann\Desktop\ComboFix.exe 2014-10-05 11:47 - 2014-10-09 13:47 - 00000000 ____D () C:\FRST 2014-10-05 11:44 - 2014-10-05 11:44 - 00000000 _____ () C:\Users\Waldmann\defogger_reenable 2014-10-03 18:37 - 2014-10-03 18:37 - 00000000 ____D () 
C:\Users\Waldmann\AppData\Roaming\26057 2014-10-01 08:06 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 08:06 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-28 17:24 - 2014-09-29 08:48 - 00002349 _____ () C:\Users\Waldmann\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-28 13:50 - 2014-09-29 08:35 - 00001215 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-28 13:49 - 2014-09-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-28 13:40 - 2014-10-08 15:18 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-28 13:40 - 2014-10-08 15:18 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-28 13:37 - 2014-09-28 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 13:52 - 2014-09-25 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\354F2ED7.sys 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-09-24 14:44 - 2014-09-24 14:44 - 00000000 ____D () C:\Program Files (x86)\MemoMaster5 2014-09-24 13:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 13:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 20:10 - 2014-09-23 20:10 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\hdbADS 2014-09-23 18:21 - 2014-09-23 18:21 - 00003194 _____ () C:\Windows\System32\Tasks\{DDFD18B3-A314-4F67-A409-1CBFA38834A3} 2014-09-23 13:02 - 2014-09-23 18:30 - 00000000 ____D () C:\Users\Waldmann\Documents\NetObjects Fusion 2013 2014-09-23 13:01 - 2014-09-23 13:01 - 00001403 _____ () C:\Users\Public\Desktop\NetObjects Fusion 
2013.lnk 2014-09-23 12:45 - 2014-09-23 13:01 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013 2014-09-17 13:42 - 2014-09-17 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\30922D86.sys 2014-09-16 23:00 - 2014-09-16 23:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5725369C.sys 2014-09-15 18:52 - 2014-09-15 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\777239C1.sys 2014-09-15 18:04 - 2014-09-15 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1B1076D8.sys 2014-09-15 16:59 - 2014-09-15 16:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4D5A7B3D.sys 2014-09-15 15:53 - 2014-09-15 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7F0C2A79.sys 2014-09-15 14:35 - 2014-09-21 15:27 - 00000000 ____D () C:\Users\Waldmann\Desktop\Weidendamm 2014-09-14 12:27 - 2014-09-14 12:27 - 00262144 _____ () C:\Windows\system32\config\elam 2014-09-13 20:03 - 2014-09-13 20:03 - 00003654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-13 18:16 - 2014-09-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-09-13 10:26 - 2014-09-13 10:31 - 06386309 _____ () C:\Windows\SysWOW64\kavremvr 2014-09-13 10-26-49 (pid 8972).log 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KC Softwares 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Program Files (x86)\KC Softwares 2014-09-12 21:15 - 2014-09-16 18:07 - 00000000 ____D () C:\ProgramData\Informer Technologies, Inc 2014-09-12 20:22 - 2014-09-12 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-12 20:21 - 2014-09-12 20:21 - 00000000 ____D () C:\Program Files\iPod 2014-09-12 20:18 - 
2014-09-12 20:19 - 00001721 _____ () C:\Users\Waldmann\Documents\Neue Datenbank1.odb 2014-09-12 20:16 - 2014-09-12 20:17 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-12 20:01 - 2014-09-12 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-09-11 03:56 - 2014-09-16 22:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-09-11 03:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:23 - 
2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 
2014-09-11 03:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 
03:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:05 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 13:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 13:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 13:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 13:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 13:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 14:15 - 2014-09-09 14:15 - 02273432 _____ (DataDesign AG) C:\Windows\SysWOW64\DDBACCPL.CPL 2014-09-09 14:15 - 2014-09-09 
14:15 - 01659544 _____ (DataDesign AG) C:\Windows\SysWOW64\ddBACCTM.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-09 13:43 - 2011-11-06 14:11 - 00000000 ____D () C:\Users\Waldmann\Documents\Outlook-Dateien 2014-10-09 13:42 - 2014-07-09 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-09 13:42 - 2012-04-01 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-09 13:33 - 2013-12-28 12:42 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-09 12:48 - 2012-06-10 21:27 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job 2014-10-09 07:28 - 2013-02-16 18:36 - 00000000 ____D () C:\ProgramData\twonkyserver 2014-10-08 23:49 - 2011-11-16 20:57 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C033427-CB53-4FBD-9F43-42FCC0E9E66B} 2014-10-08 21:48 - 2012-06-10 21:27 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job 2014-10-08 19:33 - 2013-12-28 12:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-08 17:12 - 2014-07-05 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-08 16:14 - 2012-10-12 17:14 - 00005063 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-10-08 16:14 - 2012-10-12 17:14 - 00000092 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-10-08 16:14 - 2009-09-07 15:42 - 00001001 _____ () C:\Windows\SysWOW64\bscs.ini 2014-10-08 15:14 - 2011-10-09 15:52 - 01701577 _____ () C:\Windows\WindowsUpdate.log 2014-10-07 22:22 - 2014-07-30 17:13 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KeePass 2014-10-07 22:20 - 2014-01-19 12:29 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\CrashDumps 2014-10-07 20:37 - 2009-07-14 06:45 - 00027152 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-07 20:37 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 20:24 - 2014-08-02 12:03 - 00000000 ___RD () C:\Users\Waldmann\Dropbox 2014-10-07 20:24 - 2014-08-02 11:58 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Dropbox 2014-10-07 20:23 - 2012-12-10 14:30 - 00000000 ___RD () C:\Users\Waldmann\Desktop\FAX 2014-10-07 20:23 - 2009-07-14 04:34 - 00000593 _____ () C:\Windows\win.ini 2014-10-07 20:21 - 2014-07-13 14:40 - 00005701 _____ () C:\Windows\setupact.log 2014-10-07 20:21 - 2013-08-22 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-07 20:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-07 19:22 - 2014-02-06 22:39 - 00000000 ____D () C:\AdwCleaner 2014-10-07 19:19 - 2013-12-25 14:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-10-06 18:47 - 2013-02-03 15:45 - 00000000 ____D () C:\Users\Waldmann\Desktop\ELO scan 2014-10-06 14:21 - 2011-10-10 20:19 - 00000000 ____D () C:\ProgramData\Lexware 2014-10-06 13:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-06 13:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-06 13:16 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\system.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 110362624 _____ () C:\Windows\system32\config\software.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-10-06 13:16 - 2009-07-14 04:34 - 00065536 _____ () C:\Windows\system32\config\sam.bak 2014-10-06 13:12 - 2011-10-09 15:59 - 00000000 ____D () C:\Users\Waldmann 2014-10-06 13:07 - 2011-10-19 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-06 12:50 - 2013-02-04 19:46 - 00002441 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-03 18:46 - 2014-07-11 16:21 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 2014-10-03 18:41 - 2014-08-18 10:47 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Skype 2014-10-03 18:40 - 2014-07-11 16:21 - 00001014 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk 2014-10-03 18:40 - 2014-07-11 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2014-10-03 15:15 - 2012-02-06 20:10 - 05051904 ___SH () C:\Users\Waldmann\Desktop\Thumbs.db 2014-10-03 14:57 - 2012-11-24 23:23 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\vlc 2014-10-02 18:25 - 2011-04-12 09:43 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-10-02 18:25 - 2011-04-12 09:43 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-10-02 18:25 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 08:42 - 2012-05-13 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-09-27 12:02 - 2012-09-16 16:05 - 00000000 ____D () C:\Users\Waldmann\Desktop\Büro 2014-09-27 12:01 - 2011-10-21 18:17 - 00000000 ____D () C:\Users\Waldmann\Documents\MemoMaster 2014-09-27 11:49 - 2012-08-15 11:33 - 00000000 ____D () C:\Users\Waldmann\Desktop\PSVB 2014-09-27 11:45 - 2011-11-01 12:03 - 00000000 ____D () C:\Users\Waldmann\Desktop\Security 2014-09-27 11:25 - 2012-10-09 12:53 - 00003830 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm 2014-09-27 11:23 - 2011-10-21 18:16 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Downloaded Installations 2014-09-25 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-24 14:44 - 2011-10-21 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoMaster 2014-09-24 14:19 - 2011-10-21 18:16 - 00000000 ____D () C:\Program Files 
(x86)\MemoMaster4 2014-09-24 14:09 - 2011-12-23 15:38 - 00000000 ___RD () C:\Users\Waldmann\Desktop\E-Praxis 2014-09-24 13:02 - 2012-04-01 20:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 13:02 - 2012-04-01 20:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 13:02 - 2011-10-25 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 13:40 - 2014-08-02 12:00 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:10 - 2011-10-09 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-23 13:01 - 2011-10-16 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2014-09-23 12:52 - 2011-10-16 12:58 - 00000000 ____D () C:\Program Files (x86)\NetObjects 2014-09-19 12:53 - 2014-06-27 16:29 - 00002759 _____ () C:\Users\Public\Desktop\Quicken 2015.lnk 2014-09-18 12:29 - 2014-08-19 18:48 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Adobe 2014-09-16 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-14 12:43 - 2012-06-24 17:18 - 00000000 ___RD () C:\Users\Waldmann\Desktop\Foto-Video-Bearbeitung 2014-09-13 18:16 - 2014-07-09 17:49 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-13 01:11 - 2009-07-14 06:45 - 00765304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () 
C:\Program Files\Bonjour Print Services 2014-09-12 21:27 - 2014-01-26 14:35 - 00000000 ____D () C:\Program Files (x86)\Artweaver Free 4 2014-09-12 21:27 - 2012-02-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free 2014-09-12 21:17 - 2012-04-06 12:17 - 00001918 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-09-12 21:17 - 2012-04-06 12:17 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-12 20:59 - 2011-10-12 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-09-12 20:49 - 2011-10-09 16:29 - 00229480 _____ () C:\Users\Waldmann\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-12 20:30 - 2014-01-26 14:14 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-09-12 20:22 - 2013-08-19 10:00 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-12 20:22 - 2012-09-15 12:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-12 20:17 - 2014-02-02 14:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-09-12 19:59 - 2013-01-12 15:31 - 00000000 ____D () C:\Program Files\MySQL 2014-09-12 19:59 - 2012-02-05 22:01 - 00000449 _____ () C:\Windows\ODBCINST.INI 2014-09-12 19:58 - 2013-01-12 15:26 - 00000000 ____D () C:\Program Files (x86)\Realify PaperOffice 2014-09-11 03:22 - 2011-11-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:20 - 2011-11-21 17:51 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:18 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:06 - 2011-10-10 13:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 17:22 - 2011-10-21 17:22 - 
00000000 ____D () C:\Users\Waldmann\AppData\Roaming\apm Files to move or delete: ==================== C:\Users\Waldmann\ATIH2013PP_de-DE.exe C:\Users\Waldmann\JavaSetup7u25.exe C:\Users\Waldmann\Lightroom_5_LS11_win_5_2.exe C:\Users\Waldmann\Setup (1).exe C:\Users\Waldmann\TuneUpUtilities2014 (1).exe C:\Users\Waldmann\TuneUpUtilities2014 (2).exe C:\Users\Waldmann\TuneUpUtilities2014.exe C:\Users\Waldmann\weprintwin.exe Some content of TEMP: ==================== C:\Users\Waldmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbry8yz.dll C:\Users\Waldmann\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 14:55 ==================== End Of Log ============================ --- --- --- --- --- ---

If everything is OK again now - I think it is - first of all, a thousand thanks! The machine is running stable and fast again! What else can I do besides the usual measures such as switching my brain on, etc.?
I am running:
Kaspersky Internet Security
mbam
tune-up-utilities
ghostery
winpatrol
Any further suggestions for protection? Thanks again! Waldschratt5 |
09.10.2014, 20:06 | #11 | |
/// the machine /// TB Trainer | also a significant drop in performance
Update Java. Delete the download folder on the desktop. Clear out drives E through H. Quote:
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |