Hallo,
an meiner Mail war ein Anhang, den ich leider öffnete.
Nach verschieben in den Spam-Ordner ist nun der Anhang weg?
Er hieß: 2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.pdf.exe
AdAware hat mir einen Trojaner im ZoneAlarm gemeldet.
Ich habe den Beitrag hier im Forum gelesen.
Was mache ich nun???
Danke und Grüße, powerheinz

------------------------------------------------------------------------------

Von: Telekom Deutschland GmbH [mailto:herrmann@medigerman.de]
Gesendet: Montag, 10. November 2014 11:20
An: Gxxxi.xxxxx@hxx.de
Betreff: RechnungOnline Monat November 2014 (Buchungskonto: 9942375929)



Telekom - erleben, was verbindet.<hxxp://www.t-mobile.de/T-D1/img/display_image/0,3465,224190,00.gif>

Telekom Leiter Kundenservice
<hxxp://www.t- online.de/email/newsletter/1402/img/separator.jpg>
Ihre Rechnung, Monat November 2014

Sehr geehrte Damen und Herren,

in dieser E-Mail übersenden wir Ihnen Ihre aktuelle Rechnung. Rechnungsbetrag für November 2014: 139,58 Euro.

Ihre Rechnung, Monat November 2014 <hxxp://mais.summerblast.pt/r9LVzmxojD> - (Adobe PDF Format).

Diese E-Mail wurde automatisch erzeugt. Bitte antworten Sie nicht an die angeführte Absenderadresse.


Mit freundlichen Grüßen

Ralf Hoßbach
Leiter Kundenservice

© Telekom Leiter Kundenservice 2014 | Hilfe <hxxp://www.t-online.de/email/hilfe> | Kontakt <hxxp://www.t-online.de/email/verschluesselung/kontakt> | Datenschutz <hxxp://www.t-online.de/email/datenschutz> | AGB <hxxp://www.t-online.de/email/agb> | Impressum <hxxp://www.t-online.de/email/impressum>
Sie haben eine Frage an den Kundenservice? Dann nutzen Sie bitte unser E-Mail Kontaktformular. <hxxp://www.t-online.de/email/kontaktformular>
__________________

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Schrauber,
danke für die rasche Antwort- Im Anhang sind die beiden Dateien.
Vielle Grüße, Heinz

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

FRST.txt

[CODE]

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Heinz (administrator) on HEINZ-WIN8 on 10-11-2014 19:27:59
Running from D:\Downloads\Trojaner Board
Loaded Profile: Heinz (Available profiles: Heinz & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Advanced Micro Devices, Inc.) C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\CDI\cdi.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\ws.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\WINDOWS\DAODx.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Common Files\Cherry\Common\kbdhook64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
((주)마í�¬ì•*니) C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
(RAPOO) C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe
() C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Advanced Micro Devices Inc.) C:\ATI\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\ATI\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDesktop.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [CherryKeyMan] => C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe [258100 2009-07-29] (ZF Electronics GmbH)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [MAAgent] => C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe [57344 2007-01-30] ((주)마í�¬ì•*니)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PDUiP6600DMon] => C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe [75376 2006-10-03] (CANON INC.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [126976 2007-02-23] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Rapoo RP24G] => C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe [5386752 2012-09-19] (RAPOO)
HKLM-x32\...\Run: [LedStatus] => C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe [1701888 2012-02-20] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\ATI\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Google Update] => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-30] (Google Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2513920 2011-01-04] (Mister Group)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [badesanh.exe] => C:\Users\Heinz\AppData\Roaming\Identities\badesanh.exe [143422 2012-09-20] ()
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {88fb2212-00b7-11e1-8067-bcaec504af41} - "Q:\pushinst.exe" 
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {8a25c12d-74d0-11e0-88bc-bcaec504af41} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {9717af58-2931-11e3-be81-bc054307648b} - "J:\LaunchU3.exe" -a
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Akruto Sync.lnk
ShortcutTarget: Akruto Sync.lnk -> C:\Program Files\Akruto\AkrutoSync.exe (Akruto)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDtDyE0A0FyEtCtB0D0CyBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0B0FtCyC0ByEyCtGyC0AyByCtGzyzzyDyDtG0Ezy0E0CtGyBzy0CyE0D0ByC0ByEtB0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCyDyDtBtAzy0BtGzy0D0CtAtG0AyEyB0CtGyD0EtD0DtGyD0FyDtA0FtB0FtDzytB0EyB2Q&cr=1219713004&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.santanderbank.de/gei/plugins/SantanderChipcardPlugin1212.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files (x86)\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\0fjzdvst.default-1396025695923
FF Homepage: https://meine.deutsche-bank.de/trxm/db/init.do?logintab=WebSign
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Heinz\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-10-31]

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (No Name) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp [2014-01-24]
CHR Extension: (Gmail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]
CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Heinz\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [585774 2009-05-28] (ZF Electronics GmbH) [File not signed]
R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R2 AODDriver4.3; C:\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-04-30] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-04-30] (Kaspersky Lab ZAO)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rpkmdrv; C:\Windows\system32\drivers\rpkmdrv.sys [21248 2012-08-16] ()
S3 slabbus; C:\Windows\System32\drivers\slabbus.sys [88360 2014-07-04] (MCCI Corporation)
S3 slabser; C:\Windows\system32\DRIVERS\slabser.sys [112424 2014-07-04] (MCCI Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 19:27 - 2014-11-10 19:28 - 00000000 ____D () C:\FRST
2014-11-08 12:28 - 2014-11-09 10:48 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-11-08 12:27 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-11-08 12:27 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-11-08 12:27 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-11-08 12:27 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-11-07 09:01 - 2014-11-07 09:01 - 00000000 ____D () C:\Users\Heinz\AppData\Local\PDFCreator
2014-10-31 17:41 - 2014-10-31 17:41 - 00001026 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-10-31 17:40 - 2014-10-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-31 17:39 - 2014-10-31 17:39 - 00110776 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-10-31 17:39 - 2014-10-31 17:39 - 00000845 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\pdfforge
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-28 19:45 - 2014-10-28 19:45 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\PDF Architect 2
2014-10-28 19:26 - 2014-10-31 17:41 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-28 19:25 - 2014-11-05 19:22 - 00000000 ____D () C:\Program Files\PDFCreator
2014-10-28 19:25 - 2014-10-28 19:25 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-28 18:51 - 2012-05-16 08:10 - 00000000 ____D () C:\Users\Heinz\Desktop\CP210x_VCP_Win7
2014-10-24 07:22 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-24 07:22 - 2014-09-06 01:46 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-24 07:22 - 2014-09-03 03:48 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2014-10-24 07:22 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-10-24 07:21 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-24 07:21 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-23 13:27 - 2014-10-23 13:28 - 00000000 ____D () C:\Program Files (x86)\GUM103C.tmp
2014-10-22 16:30 - 2014-10-22 16:30 - 00001251 _____ () C:\Users\Heinz\Desktop\fritz.box.lnk
2014-10-19 17:53 - 2014-10-19 17:53 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-19 17:53 - 2014-10-19 17:53 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 09:38 - 2014-10-19 09:38 - 00000253 _____ () C:\Users\Heinz\Spraydosen.txt
2014-10-19 09:02 - 2014-10-19 09:03 - 00000000 ____D () C:\Program Files (x86)\GUM6277.tmp
2014-10-18 17:45 - 2014-10-18 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-18 17:44 - 2014-10-18 17:44 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-10-17 15:03 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-10-17 15:03 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-10-17 10:40 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-17 10:40 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 10:26 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 10:26 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 10:26 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 10:26 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 10:26 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 10:26 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 10:26 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-17 10:26 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-17 10:26 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 10:26 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-17 10:26 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-17 10:26 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 10:26 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-17 10:25 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 10:25 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-15 17:40 - 2014-10-15 17:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 19:07 - 2012-10-30 16:49 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA.job
2014-11-10 18:32 - 2011-05-02 17:38 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 18:17 - 2013-08-11 15:20 - 00000000 ____D () C:\Users\Heinz\AppData\Local\Akruto
2014-11-10 18:16 - 2011-05-02 17:38 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 18:16 - 2011-05-02 17:00 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-10 18:06 - 2012-05-11 09:05 - 00000000 ____D () C:\Users\Heinz\AppData\Local\CrashDumps
2014-11-10 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-10 14:55 - 2011-05-02 17:07 - 00000000 ____D () C:\Temp
2014-11-10 14:35 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\Heinz\AppData\Local\DoNotTrackPlus
2014-11-10 14:32 - 2011-05-02 16:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-09 11:28 - 2012-07-26 11:27 - 00871150 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-09 11:28 - 2012-07-26 11:27 - 00199216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-09 11:28 - 2012-07-26 08:28 - 02057842 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-08 12:28 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-08 12:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-07 16:17 - 2014-04-29 17:49 - 00000432 _____ () C:\WINDOWS\BRWMARK.INI
2014-11-07 16:16 - 2011-05-03 11:14 - 00000544 _____ () C:\WINDOWS\I_VIEW32.INI
2014-11-07 13:38 - 2011-12-29 09:49 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ____D () C:\ProgramData\Skype
2014-11-07 10:07 - 2012-10-30 16:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core.job
2014-11-07 09:34 - 2013-11-07 15:39 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\vlc
2014-11-05 20:31 - 2014-03-23 18:52 - 00002314 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-05 20:30 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-05 20:25 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-31 17:41 - 2013-06-26 16:04 - 00030665 ____H () C:\WINDOWS\SysWOW64\BTImages.dat
2014-10-30 09:09 - 2012-10-30 16:50 - 00002370 _____ () C:\Users\Heinz\Desktop\Google Chrome.lnk
2014-10-29 12:59 - 2013-08-16 09:04 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1327107963-4175824153-2169469409-1000
2014-10-27 15:19 - 2014-02-20 19:22 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-24 11:46 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-24 10:56 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-24 10:46 - 2014-09-21 12:30 - 00439352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-24 08:07 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 13:27 - 2011-05-02 17:38 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 13:27 - 2011-05-02 17:38 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:54 - 2013-10-19 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-19 09:38 - 2013-08-16 08:33 - 00000000 ____D () C:\Users\Heinz
2014-10-19 09:02 - 2012-10-30 16:49 - 00004092 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA
2014-10-19 09:02 - 2012-10-30 16:49 - 00003712 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core
2014-10-17 15:43 - 2014-02-28 13:41 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000839 _____ () C:\Users\Public\Desktop\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000000 ____D () C:\Program Files\Akruto
2014-10-17 10:32 - 2013-08-01 16:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 10:26 - 2011-05-02 15:48 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Heinz\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 12:46

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---


Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Heinz at 2014-11-10 19:31:27
Running from D:\Downloads\Trojaner Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akruto Sync 3.1.50 (HKLM\...\{024E90DA-8432-40E9-8B31-3C68D1999A36}) (Version: 3.1.50 - Akruto, Inc.)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD USB 3.0 Device Detector (HKLM\...\{75B629B2-E7D8-4B4B-87F8-97F8C8031A61}) (Version: 2.1.29.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Araxis Merge 2001 Professional (HKLM-x32\...\{44F86AF5-78D2-4A69-8985-AFB4F39298E0}) (Version:  - )
ArcaniA - Gothic 4 (HKLM-x32\...\ArcaniA) (Version:  - JoWooD Entertainment AG)
ArcaniA - Gothic 4 Hotfix (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - JoWooD Entertainment AG)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Brother MFL-Pro Suite MFC-9320CW (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 3.0.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 7 (HKLM-x32\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon iP6600D Memory Card Utility (HKLM-x32\...\{86D28491-78AB-445C-A507-6F3FA81D7611}) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
Command & Conquer Alarmstufe Rot 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version:  - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3102 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3224 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.2609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
easyFly 4 (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\{09696666-CB70-4056-A504-D916D92933E2}) (Version: 4.0.1.3 - IPACS)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EverQuest II (2) (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\SOE-EverQuest II (2)) (Version:  - Sony Online Entertainment)
EverQuest II (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\SOE-EverQuest II) (Version:  - Sony Online Entertainment)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Studio version 5.0.13 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
freedb database (HKLM-x32\...\freedb database) (Version:  - )
FUJIFILM MyFinePix Studio 3.1 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapInstall (HKLM-x32\...\{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version:  - )
Gigaset QuickSync (HKLM\...\{17bce0e9-930e-4afb-8089-6863c562379c}) (Version: 8.1.0859.15652 - Gigaset Communications GmbH)
Google Chrome (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
High-Definition Video Playback (x32 Version: 7.3.10800.5.0 - Nero AG) Hidden
ICA (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
ImageSkill Background Remover 3 (HKLM-x32\...\ImageSkill Background Remover 3) (Version: 3.0 - ImageSkill)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IPM_PSP_COM (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
JNLP (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\JNLP) (Version:  - JNLP)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KeyMan V4.0 Build 5 (HKLM-x32\...\{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}) (Version: 4.0.0.5 - ZF Electronics GmbH)
Kopplungswerkzeuge für Rapoo-Maus und -Tastatur V3.2 (HKLM-x32\...\{1899FF3C-B115-4C6C-A81A-9F1FBBCEAF36}_is1) (Version:  - Rapoo Inc.)
LabelEditor (HKLM-x32\...\LabelEditor) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\Lame MP3 Codec (for the ACM)) (Version:  - )
Legends of Norrath (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\SOE-LegendsOfNorrath) (Version:  - Sony Online Entertainment)
Licensing Service Install (HKLM-x32\...\{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}) (Version: 2.0.1.181 - Protexis Inc.)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_MSI_Slideshow_Maker_2) (Version: 2.0.0.8 - MAGIX AG)
MAGIX Slideshow Maker 2 (x32 Version: 2.0.0.8 - MAGIX AG) Hidden
Media Add-ons für Acronis True Image Home 2011 (HKLM-x32\...\{9A5509EE-5579-46C1-B566-5065545547F9}) (Version: 14.0.5041 - Acronis)
Micrografx Picture Publisher 10 DCE (HKLM-x32\...\{C9525341-51CA-4e8d-A7A5-3B0A690DB64D}) (Version: 1.0.0.0 - Micrografx, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Moorhuhn Kart Extra XXL (HKLM-x32\...\{DE60CAE2-4CA8-4A6A-A557-0668004FE889}) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myMP3 4.0 (HKLM-x32\...\myMP3 4.0) (Version:  - )
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Kwik Themes 3 (HKLM-x32\...\{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 4 (HKLM-x32\...\{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 PiP EffectPack 1 (HKLM-x32\...\{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Video TransitionPack 1 (HKLM-x32\...\{85BEC8F6-9AA3-43FF-B56B-8276277137B3}) (Version: 10.6.10000.0.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 Platinum HD (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11800 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NovaBench 3.0.2 (HKLM-x32\...\{21F85E63-880A-4D34-9D48-236429F4B159}_is1) (Version:  - NovaTech Network)
NVIDIA PhysX (HKLM-x32\...\{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}) (Version: 9.10.0223 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.5 - pdfforge)
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PHOTORECOVERY LE (HKLM-x32\...\{8D03A164-B586-4318-AFE6-870A5E2739C1}) (Version: 1.0.0 - LC Technology International)
PSPPContent (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rapoo -Tastatur- und Maustreiber v1.4 (HKLM-x32\...\{823622ED-4C3A-467C-A9A5-EFBF18FEED92}_is1) (Version:  - Rapoo Inc.)
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)
RAW FILE CONVERTER EX powered by SILKYPIX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Samsung Media Studio (HKLM-x32\...\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 5 - Samsung)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung Music Studio (HKLM-x32\...\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}) (Version:  - )
Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.1.80206 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (x32 Version: 3.0.0.80206 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Setup (x32 Version: 14.0.0.332 - Ihr Firmenname) Hidden
Setup (x32 Version: 16.1.0.48 - Ihr Firmenname) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{24369F59-82BE-474E-9A28-B58CB0E42B20}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skypeâ„¢ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartTools Office DDE-Fix (HKLM-x32\...\SmartTools PublishingOffice DDE-Fixv1.20) (Version: v1.20 - SmartTools Publishing)
SUPER © v2013.build.59+Recorder (2013/12/18) Version v2013.buil (HKLM-x32\...\{8E2A18E2-96AF-4DF9-8459-5C06B75139A4}_is1) (Version: v2013.build.59+Recorder - eRightSoft)
System Explorer 2.6.2 (HKLM-x32\...\System Explorer_is1) (Version:  - Mister Group)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
UltraEdit-32 Uninstall (HKLM-x32\...\UltraEdit-32) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WebSign Basiskomponeten (HKLM-x32\...\{FEB6267D-47E0-41DD-99F7-C8C68B9899F3}) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WMV Converter 3.2 (HKLM-x32\...\{867D3E0B-B774-4BB6-B439-675E62C6386A}_is1) (Version:  - WMV Converter)
Xenorate [2.20.0.0] (HKLM-x32\...\Xenorate_is1) (Version:  - Encorex)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.5.2.0125 - Xilisoft)
XMedia Recode Version 3.1.7.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.7 - XMedia Recode)
XviD MPEG-4 Video Codec (HKLM-x32\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
YP-F1 (HKLM-x32\...\{39F8D2F6-7755-40DE-A21F-D47B97164CE6}) (Version:  - )
ZoneAlarm Antivirus (x32 Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.2.015.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-10-2014 06:22:49 Windows Update
28-10-2014 17:57:08 Removed PDF Architect
31-10-2014 16:40:32 Installed PDF Architect 2 View Module
08-11-2014 11:26:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0301E901-E379-4D6A-9D70-41C48631B9ED} - System32\Tasks\Microsoft\Office\Office Background Streaming => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
Task: {08BE97CF-6C4C-437A-B941-C9B0ABE015C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {0A16E81C-0B6A-4181-B7C9-D26B28BB0F37} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {14305879-0017-498A-A225-63F9305B19B5} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {148A39C9-8A6D-41F1-BEF9-2AC974E5619D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {175C41DB-03D3-455E-B158-42C309616816} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1990915D-1E87-4F64-B009-921D51E6E90A} - System32\Tasks\{00447BFB-0D97-492B-8BF8-F055DEBCFB37} => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Task: {251EBC2D-4D37-47BA-B43A-CD40E712FEF6} - System32\Tasks\{CB5D9A47-3CE7-4449-852F-447A12B638A2} => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Task: {262C264C-97AB-4FDF-A25C-C083244ECA61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {2823A7AD-448A-4538-BF1D-5AC017573607} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3105E456-C743-4404-97D3-875B2E304E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {381BA9C7-4672-4292-A866-739DD3D750C0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {39A6092D-CC96-4136-93DA-1FB10307B6FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3FF9C1C5-1E63-476E-8F7A-E47045484A4E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {43941071-03DC-4A2E-A4F3-2A76D3A875EE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4C5701AA-B60B-4301-AADE-D7FA2499A9AB} - System32\Tasks\Heinz NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {4D4BB9CB-F529-4B28-81DC-06DAF34A2225} - System32\Tasks\{1B8CE2A9-364F-43CB-A1E0-503CFB0AD77B} => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Task: {5A657256-C725-4F5C-A20A-56FC98B67600} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {635D02F0-4476-4DC9-B0B1-1FAC5ADF26FA} - System32\Tasks\{F5D3B857-0B57-4F88-B4B1-A2FEDE623312} => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Task: {66B961B8-4939-4992-810E-7C464905798B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6D094B2E-29A3-4A63-B2CC-0F009CF8404D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6D808753-A781-460C-AEDA-E9ED726685E3} - System32\Tasks\{3547A973-C7AF-474B-8AE8-05853B0C153B} => C:\Program Files (x86)\Micrografx\Picture Publisher 10 DCE\PhotoAlbum.exe [2001-09-25] (Micrografx)
Task: {7131AB95-AF72-44E5-9058-5DEB68F600C3} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe [2008-06-27] ()
Task: {7B6A4FEA-77F8-422C-A93D-66A0716F4593} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {7E2E007A-315B-4D03-8E0B-8F5901D1012C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7E894F3A-818C-4783-91FF-E4C46CF7C05D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {84FD128E-C524-4CA4-B503-4C1D3AC6173A} - \AmiUpdXp No Task File <==== ATTENTION
Task: {88D0702B-F002-4BE3-9F72-53A346292A6C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {8B4EED2E-EF57-424B-9DE5-E5AAC045AE64} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8FFDE1B3-0D53-4AF0-9D54-B003F47FA0FF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {91517AF7-8798-47FD-A5A6-F535886052E3} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {B8B0A9B7-41A4-438B-9ED0-7B5DED26FD91} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {BB92E7E6-48AF-4C99-87FA-A4772D40D654} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {CA070996-4C8C-427C-A39C-75AD8EC376B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {CAD97F0A-731E-4982-9BCC-D6E80C552266} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D83B47F3-0473-4258-AA77-443291F16116} - System32\Tasks\{43BB9E06-2E59-462D-AC26-47B206FBD343} => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Task: {E1740D1F-96FE-479E-8158-D4B93AFBD1D7} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {E5506ED7-4C0D-46CD-9F88-4F29D0D04740} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E76664DC-182A-452A-A71F-8AA05024DC1A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E8BCAA86-0EDD-471E-9480-560C5E4483D8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F0F38F5B-8366-44AC-975E-6C5548954736} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F998B997-DA2F-448A-A9AF-70433CF54225} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
Task: {FAC6482A-FDCA-4081-8DD2-EF34B6762CFD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FF5287CE-B1BA-42AD-9C66-B7AB39450196} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core.job => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA.job => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-19 18:30 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2011-07-19 18:30 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\ATI\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\ATI\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\ATI\ATI.ACE\Fuel\Platform.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00127488 _____ () C:\ATI\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-03-23 18:53 - 2013-07-17 17:09 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2014-06-27 08:45 - 2014-07-07 13:21 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2014-06-27 08:45 - 2014-07-07 13:21 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2014-06-27 08:45 - 2014-07-07 13:21 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2014-06-27 08:45 - 2014-07-07 13:21 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2011-02-17 16:51 - 2009-04-24 15:50 - 00210944 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe
2012-03-19 11:23 - 2012-03-19 11:23 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2013-08-26 17:36 - 2012-02-20 11:03 - 01701888 _____ () C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\ATI\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 16893248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDesktop.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00451440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_program_options-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 09304408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDesktopDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-04-19 00:44 - 2013-04-19 00:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2006-02-22 15:47 - 2006-02-22 15:47 - 00073728 _____ () C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll
2006-02-22 15:47 - 2006-02-22 15:47 - 00114688 _____ () C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-08-26 17:36 - 2012-02-17 14:45 - 00042496 _____ () C:\Program Files (x86)\Rapoo\RP24G\LedStatus.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-04-29 18:22 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-06-27 11:00 - 2013-07-04 04:46 - 00598392 _____ () C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPContentFilter.dll
2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\WINDOWS\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Heinz\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Google Update => "C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HFALoader => C:\Program Files (x86)\Hamster Soft\Hamster Lite Archiver\HamsterArc.exe -loader
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "SAOB Monitor"
HKCU\...\StartupApproved\Run: => "BrowserChoice"
HKCU\...\StartupApproved\Run: => "Google Update"

========================= Accounts: ==========================

Administrator (S-1-5-21-1327107963-4175824153-2169469409-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1327107963-4175824153-2169469409-1004 - Limited - Enabled)
Gast (S-1-5-21-1327107963-4175824153-2169469409-501 - Limited - Disabled)
Heinz (S-1-5-21-1327107963-4175824153-2169469409-1000 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-1327107963-4175824153-2169469409-1020 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 06:06:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16882, Zeitstempel: 0x5334f23b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000042d9
ID des fehlerhaften Prozesses: 0x10f8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (11/10/2014 02:09:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ISAPISearchC:\WINDOWS\system32\query.dll8

Error: (11/10/2014 02:09:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentIndexC:\WINDOWS\system32\query.dll8

Error: (11/10/2014 02:09:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentFilterC:\WINDOWS\System32\query.dll8

Error: (11/08/2014 01:11:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ISAPISearchC:\WINDOWS\system32\query.dll8

Error: (11/08/2014 01:11:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentIndexC:\WINDOWS\system32\query.dll8

Error: (11/08/2014 01:11:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ContentFilterC:\WINDOWS\System32\query.dll8

Error: (11/07/2014 06:16:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17116, Zeitstempel: 0x541ccf72
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17046, Zeitstempel: 0x53b485c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e30
ID des fehlerhaften Prozesses: 0x3700
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/07/2014 06:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17116, Zeitstempel: 0x541ccf72
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17046, Zeitstempel: 0x53b485c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e30
ID des fehlerhaften Prozesses: 0x2080
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/07/2014 06:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17116, Zeitstempel: 0x541ccf72
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17046, Zeitstempel: 0x53b485c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e30
ID des fehlerhaften Prozesses: 0x3e38
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (11/09/2014 11:24:56 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (11/05/2014 08:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/05/2014 08:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/05/2014 08:30:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎11.‎2014 um 20:29:18 unerwartet heruntergefahren.

Error: (11/05/2014 08:26:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/05/2014 08:26:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/05/2014 05:34:43 PM) (Source: DCOM) (EventID: 10016) (User: HEINZ-WIN8)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HEINZ-WIN8HeinzS-1-5-21-1327107963-4175824153-2169469409-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/02/2014 07:33:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/02/2014 07:33:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/02/2014 07:33:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎11.‎2014 um 09:29:42 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (01/08/2014 03:28:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 793 seconds with 480 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-25 14:37:07.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:07.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:07.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:06.987
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:06.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:06.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:06.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:37:05.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:33:17.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2014-10-25 14:33:17.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1100T Processor
Percentage of memory in use: 38%
Total physical RAM: 12286.11 MB
Available physical RAM: 7521.44 MB
Total Pagefile: 30715.11 MB
Available Pagefile: 27104.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:279.36 GB) (Free:184.21 GB) NTFS
Drive d: (Daten) (Fixed) (Total:621.09 GB) (Free:332.69 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:279.46 GB) (Free:176.18 GB) NTFS
Drive g: (Medien) (Fixed) (Total:620.83 GB) (Free:421.85 GB) NTFS
Drive h: (Bilder) (Fixed) (Total:621.09 GB) (Free:412.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: E3C8E3C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 29EAB3E4)
Partition 1: (Not Active) - (Size=621.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=621.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=620.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 7C9D3DE1)
Partition 1: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

INFO: Zone-Alarm hat folgende Dateien in Quarantäne geschickt:
HEUR:Trojan.Win32.Generic
Trojan.Win32.Inject.ticv
Kann es das gewesen sein?

Unter anderem


Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hier die Dateien:

mbam.txt

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 12.11.2014
Suchlauf-Zeit: 19:39:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.12.08
Rootkit Datenbank: v2014.11.12.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Heinz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 389515
Verstrichene Zeit: 14 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefp, In Quarantäne, [3badca706e0e95a12efe4c2262a15aa6], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1327107963-4175824153-2169469409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [c523ac8e26565adcb8243007c83b8c74], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1327107963-4175824153-2169469409-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [8761043617658caa3c33f6438d7605fb], 

Registrierungswerte: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [f7f1bd7d2953d26409853613bc47dc24]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[37b158e2f389082ee862ed583bca7b85]

Ordner: 3
PUP.Optional.SpeedTest.A, C:\Users\Heinz\AppData\Roaming\speedtest4354, In Quarantäne, [0fd91624502c5dd95c5838cbe51e49b7], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 

Dateien: 34
Trojan.BProtector, C:\Users\Heinz\AppData\Roaming\speedtest4354\install_helper.exe, In Quarantäne, [27c1fb3fc2ba7db9fb63847af31135cb], 
Trojan.Malpack, C:\Users\Heinz\AppData\Local\Temp\67EA.tmp, In Quarantäne, [6187da60f78551e5784a06d60ef3ec14], 
Trojan.Malpack, C:\Users\Heinz\AppData\Local\Temp\680A.tmp, In Quarantäne, [fcecc377d4a8b383dfe4eeee936e6799], 
Trojan.Malpack, C:\Users\Heinz\AppData\Local\Temp\83C.tmp, In Quarantäne, [3aaea09a1369a2949033518b0001cb35], 
PUP.Optional.QuickStart.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, In Quarantäne, [d216c6742c50082eade54df011f26e92], 
PUP.Optional.SpeedTest.A, C:\Users\Heinz\AppData\Roaming\speedtest4354\install_helper.exe, In Quarantäne, [0fd91624502c5dd95c5838cbe51e49b7], 
PUP.Optional.SpeedTest.A, C:\Users\Heinz\AppData\Roaming\speedtest4354\speedtest4354.crx, In Quarantäne, [0fd91624502c5dd95c5838cbe51e49b7], 
PUP.Optional.SpeedTest.A, C:\Users\Heinz\AppData\Roaming\speedtest4354\speedtest4354.xpi, In Quarantäne, [0fd91624502c5dd95c5838cbe51e49b7], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\background.html, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\button.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\ci.bg.pack.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\ci.browser.helper.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\ci.content.pack.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\content.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon128.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon128.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon16.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon16.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon18.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon18.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon24.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon24.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon32.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon32.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon48.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon48.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon64.ico, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\icon64.png, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\jquery-1.9.1.min.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\jquery.uuid.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\manifest.json, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\popup.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\rjs.js, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 
PUP.Optional.SpeedAnalysis.A, C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp\3.0.0.0\settings.json, In Quarantäne, [12d697a3562686b02b914fb4c3402ad6], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

AdwCleanerS1.txt

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.101 - Bericht erstellt am 13/11/2014 um 15:27:38
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-12.2 [Live]
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Heinz - HEINZ-WIN8
# Gestartet von : D:\Downloads\Trojaner Board\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\PC Cleaner
Ordner Gelöscht : C:\Program Files (x86)\wiseconvert
Ordner Gelöscht : C:\Users\Heinz\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Heinz\daemonprocess.txt
Datei Gelöscht : C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : AmiUpdXp

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v

[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.nationzoom.com/web/?type=ds&ts=1389894747&from=amt&uid=WDCXWD3000HLFS-01G6U0_WD-WX60C592519325193&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDtDyE0A0FyEtCtB0D0CyBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0B0FtCyC0ByEyCtGyC0AyByCtGzyzzyDyDtG0Ezy0E0CtGyBzy0CyE0D0ByC0ByEtB0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCyDyDtBtAzy0BtGzy0D0CtAtG0AyEyB0CtGyD0EtD0DtGyD0FyDtA0FtB0FtDzytB0EyB2Q&cr=1219713004&ir=

-\\ Chromium v

[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=b8e90340-3d15-4eb4-bcac-b1dc1d3b8659&searchtype=ds&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.nationzoom.com/web/?type=ds&ts=1389894747&from=amt&uid=WDCXWD3000HLFS-01G6U0_WD-WX60C592519325193&q={searchTerms}
[C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDtDyE0A0FyEtCtB0D0CyBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0B0FtCyC0ByEyCtGyC0AyByCtGzyzzyDyDtG0Ezy0E0CtGyBzy0CyE0D0ByC0ByEtB0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCyDyDtBtAzy0BtGzy0D0CtAtG0AyEyB0CtGyD0EtD0DtGyD0FyDtA0FtB0FtDzytB0EyB2Q&cr=1219713004&ir=

*************************

AdwCleaner[R0].txt - [49066 octets] - [16/01/2014 19:36:12]
AdwCleaner[R1].txt - [6477 octets] - [22/03/2014 17:31:45]
AdwCleaner[R2].txt - [1169 octets] - [28/03/2014 17:43:50]
AdwCleaner[R3].txt - [1289 octets] - [28/03/2014 17:47:48]
AdwCleaner[R4].txt - [1410 octets] - [28/03/2014 17:50:51]
AdwCleaner[R5].txt - [1627 octets] - [19/04/2014 08:04:44]
AdwCleaner[R6].txt - [8314 octets] - [13/11/2014 15:20:53]
AdwCleaner[S0].txt - [45080 octets] - [16/01/2014 19:37:39]
AdwCleaner[S1].txt - [5480 octets] - [22/03/2014 17:33:39]
AdwCleaner[S2].txt - [1231 octets] - [28/03/2014 17:45:05]
AdwCleaner[S3].txt - [1351 octets] - [28/03/2014 17:48:25]
AdwCleaner[S4].txt - [1690 octets] - [19/04/2014 08:05:30]
AdwCleaner[S5].txt - [9846 octets] - [13/11/2014 15:27:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [9906 octets] ##########
         

--- --- ---

[/CODE]



JRT.txt

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 8 Pro x64
Ran by Heinz on 13.11.2014 at 15:32:54,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{09610820-A937-4FFD-8DA3-30BDB5351524}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{09C08306-A3CB-411B-AEE8-96FD57ABE6EA}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{0D2B3E53-C7DD-4B2F-BDC0-10CFE1A3A80D}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{0F04CC4F-EBBB-4DE9-93CA-C72D4284C35D}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{108B8146-2179-4030-8D6C-20987321CD84}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{10EC440A-6333-4D31-B583-287B8B5A1D63}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{12E3986B-08F1-44C4-B757-FAD7A7EFF422}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{13C19CDB-7121-4EA6-99D0-60D76DF3ED50}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{17897CAD-53CB-48DC-B7AF-77ABA6C2C56A}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{1BBC1C89-5F00-40AB-A531-832A705A3632}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{20A4053D-2CF0-4333-BE90-2C37B66496AB}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{295D65C5-97B9-4722-9FDE-2D8DED89C4BC}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{2A85CB1C-FAAB-4130-BD72-A92D8A7C7433}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{2AF55C39-53AE-473C-A70F-B171BEF3F855}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{2BA23D6A-2B4F-4FEF-A790-7A972D2F554C}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{3184CB7A-6319-49B8-8C98-1895CAF591AC}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{31AF5EAB-60A8-4D93-8342-A3D0334123A4}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{3562B73A-CB3C-4E71-BCB9-6B58091DE6E7}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{36C275B6-18EC-407C-A0A5-7FBBE4549DB6}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{387DBFD1-6735-40A7-AEEF-DD4BD5A0CEB1}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{3F098A85-7809-49A8-9245-46D383552F60}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{4057F64A-8DAF-40AA-9E50-0F653810ECE4}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{4073DF31-DB58-4B13-ACFE-C4BE45A468F7}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{49071886-FF32-4B8D-8ED2-85BB4A4BDC18}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{4B3E1992-CA24-42FE-B19C-12299F732ED2}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{4DBFDD39-EA92-4BD8-BDC0-E0BE2A707A95}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{4F888B0A-C3C3-421B-9136-DC8C269858D5}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{50B9575B-0A87-4BB7-AA59-69F16C69A381}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{5184A34D-6A7E-450B-BC7A-FFACF59B4467}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{58D9C506-A71D-4D12-86AF-642E2F98D32F}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{5A2CE045-4837-414A-89C7-B26DAAF61FA9}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{5C495438-4751-4F7D-9F17-618E0810FEBA}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{5F9AD3C1-590F-44E2-BC80-61BFF15198A9}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{605AFCD6-E475-4EA4-ABED-83AD3708874E}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{61B5BCB5-9334-4B1E-8E83-C63949DA42E1}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{6454F59A-06D8-4137-B6A8-34E0D3FDAC22}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{64D09400-1F79-4CB3-9E6B-213419762F20}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{66DB5CED-8595-46B9-B35A-D43888EECBD3}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{716A7D90-D467-4CB8-A70A-C633D50507FD}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{760DDBA1-A8A4-4D14-BCEC-7C13CFF73385}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{76990AA0-FC8E-4CF6-A290-C9B886C94BCE}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7922C334-3D83-4FEB-AD67-114D7C93B68C}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7B0C4FBB-C1DF-408C-9E38-D4D7B5EE4C0A}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7C341470-A4DF-4034-AE85-0D1F3C2E78AB}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7D87E45E-426A-459F-A1F6-F7BA045DBDCE}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7F0DCB86-8B82-4275-9BBB-BD8DA90FABBE}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{7F42F1CA-EB93-46A9-B465-42BAB307C84F}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{86BA8644-B1E8-4EF2-BD10-B756BB9FB1F2}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{887C1DDA-461F-4283-85C0-048BE4624476}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{89F97128-BEC9-4992-9B13-CE3A4587848F}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{8B500145-A003-489C-A3A3-FF8E7A335EFF}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{8BCF32B8-7A02-4065-8031-E5C5663896E6}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{8DDBC56C-59CE-4A25-8ADA-A3133B1B8507}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{92E83217-1386-45FF-B172-4BB76FE6972C}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{93D12DE0-9269-4C3E-B7E9-B9CDC25D9377}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{942DF5C4-4ACA-484E-957E-43A02084F8ED}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{9556F891-0F06-4D62-B174-FF5B71C13AB6}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A07B04A0-BCE7-4EE3-9452-D921F350478A}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A0E3F1CF-3B5B-4C78-89EA-D9CBC2C05BB6}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A3148605-9B45-47C1-A96D-31466F05FC41}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A8AA0E70-A20C-4A05-88EE-1D11791FBF8F}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A8EF2428-F08A-4879-A010-484E52617972}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{A940A812-5EA9-4C7D-968C-C7E6ED6251DC}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{AB5C4D0E-83EF-48E0-8C81-8F26633293D1}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{ACAE3C69-2F14-4A2E-BED5-16C8BB0DDBB3}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{AE2530E1-55F9-438C-B63B-D624E43B97DC}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{AEECB1CA-3C04-493E-B962-EEEE2C2DB214}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{AFF6E179-58A6-472C-ACB6-9D09FD326056}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{B22B7FF2-A672-49FD-8145-A5D5822FC89D}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{B6F49149-ABC9-434B-A3BF-A069D5E3458B}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{B7916B52-3C3D-496C-9439-2769AD0C44D4}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{B8312255-0127-4B0D-9A0F-33FA0CD6E8C1}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{B83D477E-69A8-48D9-B2A4-D58A58C0C8E3}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{BCE0D061-0ABC-41CF-9FA6-7C4DBCCFC776}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{C0A57119-8B53-4AAF-BE24-C04E5DE4B127}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{C1CF6791-2E74-4593-BF1E-F01D1EC10E23}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{C9C333BA-9F9D-4962-94C0-07633FCAAD95}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{CBCF5106-1150-4928-8270-B5053240767F}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{CCD776CD-F4D9-4299-BE43-AE73AC4D70E8}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{D5205583-9DAE-4C8A-8D05-A1AA2A2BF795}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{D852A33A-C8A2-47D8-92F2-CD46D4106E02}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DA5D758C-730A-4942-B5D7-3CAA2C2D0F80}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DB621C1A-1C14-4761-A0D6-D6C12ED4EEEB}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DC020136-AB72-4A8E-9AD9-78BE65188B00}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DC409315-98D8-41CA-87D4-2CF58118C4C1}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DDD7AA71-E53F-4E35-9F27-8FDACB36A26C}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DE3DC2CB-368B-40FB-B553-FC8E3205D728}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{DF485CD1-9DC9-4144-B7F1-07CF594137BB}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E06944CB-BBD6-4AB2-BB02-DCD79501E3BD}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E07A387E-494B-4F4E-9D19-98DD121352ED}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E1EB5C73-8D66-4669-9F6B-EC7708FD967D}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E31E06EA-4007-4F59-ADEF-D7A5B6159ACD}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E4BE334E-635D-4D17-B633-CC649439092A}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{E9D3E7D4-259F-4F78-AB59-87757706A770}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{EB90F6A5-A3E4-486E-B0B3-FD4A9D584915}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{EE189148-8692-4ED0-9C3B-FFEC2D9FDE52}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{EF1DFC7F-AFF3-414B-A58A-17520F1E725B}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{F387D74E-92A9-4E1E-8FCC-005B1B10CA48}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{F3B30B92-4FDD-4704-861B-86C4671F70B0}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{F58AE35F-59B7-4CCB-908A-6D990E123A87}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{F8A40B7E-C9DE-41AA-8F9B-844BF2500558}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{FC467BED-8FE0-4900-BFCF-ABBDD7F8E54B}
Successfully deleted: [Empty Folder] C:\Users\Heinz\appdata\local\{FDBB3A18-D951-4FD9-827B-B763A37CF866}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2014 at 15:55:15,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FIRST.txt

[CODE]

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Heinz (administrator) on HEINZ-WIN8 on 13-11-2014 15:59:28
Running from D:\Downloads\Trojaner Board
Loaded Profile: Heinz (Available profiles: Heinz & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Advanced Micro Devices, Inc.) C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
() C:\WINDOWS\DAODx.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\CDI\cdi.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Common Files\Cherry\Common\kbdhook64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
((주)마í�¬ì•*니) C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
(RAPOO) C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe
() C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Advanced Micro Devices Inc.) C:\ATI\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\ATI\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [CherryKeyMan] => C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe [258100 2009-07-29] (ZF Electronics GmbH)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [MAAgent] => C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe [57344 2007-01-30] ((주)마í�¬ì•*니)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [PDUiP6600DMon] => C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe [75376 2006-10-03] (CANON INC.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [126976 2007-02-23] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Rapoo RP24G] => C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe [5386752 2012-09-19] (RAPOO)
HKLM-x32\...\Run: [LedStatus] => C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe [1701888 2012-02-20] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\ATI\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Google Update] => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-30] (Google Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2513920 2011-01-04] (Mister Group)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {88fb2212-00b7-11e1-8067-bcaec504af41} - "Q:\pushinst.exe" 
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {8a25c12d-74d0-11e0-88bc-bcaec504af41} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {9717af58-2931-11e3-be81-bc054307648b} - "J:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Akruto Sync.lnk
ShortcutTarget: Akruto Sync.lnk -> C:\Program Files\Akruto\AkrutoSync.exe (Akruto)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.santanderbank.de/gei/plugins/SantanderChipcardPlugin1212.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files (x86)\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\0fjzdvst.default-1396025695923
FF Homepage: https://meine.deutsche-bank.de/trxm/db/init.do?logintab=WebSign
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Heinz\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-10-31]

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (Gmail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [585774 2009-05-28] (ZF Electronics GmbH) [File not signed]
R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R2 AODDriver4.3; C:\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-04-30] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-04-30] (Kaspersky Lab ZAO)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rpkmdrv; C:\Windows\system32\drivers\rpkmdrv.sys [21248 2012-08-16] ()
S3 slabbus; C:\Windows\System32\drivers\slabbus.sys [88360 2014-07-04] (MCCI Corporation)
S3 slabser; C:\Windows\system32\DRIVERS\slabser.sys [112424 2014-07-04] (MCCI Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 15:55 - 2014-11-13 15:55 - 00011783 _____ () C:\Users\Heinz\Desktop\JRT.txt
2014-11-13 15:32 - 2014-11-13 15:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-13 15:31 - 2014-11-13 15:31 - 00001357 _____ () C:\Users\Heinz\Desktop\AdwCleaner_4.101.lnk
2014-11-12 20:03 - 2014-11-13 15:28 - 00014112 _____ () C:\WINDOWS\PFRO.log
2014-11-12 19:38 - 2014-11-13 15:58 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:38 - 2014-11-12 19:38 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-12 19:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-12 19:38 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-12 19:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-11 19:43 - 2014-11-13 15:28 - 00061208 _____ () C:\WINDOWS\setupact.log
2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-11 15:15 - 2014-11-13 15:40 - 00087483 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-10 19:27 - 2014-11-13 15:59 - 00000000 ____D () C:\FRST
2014-11-08 12:28 - 2014-11-09 10:48 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-11-08 12:27 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-11-08 12:27 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-11-08 12:27 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-11-08 12:27 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-11-07 09:01 - 2014-11-07 09:01 - 00000000 ____D () C:\Users\Heinz\AppData\Local\PDFCreator
2014-10-31 17:41 - 2014-10-31 17:41 - 00001026 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-10-31 17:40 - 2014-10-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-31 17:39 - 2014-10-31 17:39 - 00110776 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-10-31 17:39 - 2014-10-31 17:39 - 00000845 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-28 19:45 - 2014-10-28 19:45 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\PDF Architect 2
2014-10-28 19:26 - 2014-10-31 17:41 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-28 19:25 - 2014-11-05 19:22 - 00000000 ____D () C:\Program Files\PDFCreator
2014-10-28 19:25 - 2014-10-28 19:25 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-28 18:51 - 2012-05-16 08:10 - 00000000 ____D () C:\Users\Heinz\Desktop\CP210x_VCP_Win7
2014-10-24 07:22 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-24 07:22 - 2014-09-06 01:46 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-24 07:22 - 2014-09-03 03:48 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2014-10-24 07:22 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-10-24 07:21 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-24 07:21 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-23 13:27 - 2014-10-23 13:28 - 00000000 ____D () C:\Program Files (x86)\GUM103C.tmp
2014-10-22 16:30 - 2014-10-22 16:30 - 00001251 _____ () C:\Users\Heinz\Desktop\fritz.box.lnk
2014-10-19 17:53 - 2014-10-19 17:53 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-19 17:53 - 2014-10-19 17:53 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 09:38 - 2014-10-19 09:38 - 00000253 _____ () C:\Users\Heinz\Spraydosen.txt
2014-10-19 09:02 - 2014-10-19 09:03 - 00000000 ____D () C:\Program Files (x86)\GUM6277.tmp
2014-10-18 17:45 - 2014-10-18 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-18 17:44 - 2014-10-18 17:44 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-10-17 15:03 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-10-17 15:03 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-10-17 10:40 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-17 10:40 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 10:26 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 10:26 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 10:26 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 10:26 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 10:26 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 10:26 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 10:26 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-17 10:26 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-17 10:26 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 10:26 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-17 10:26 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-17 10:26 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 10:26 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-17 10:25 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 10:25 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-15 17:40 - 2014-10-15 17:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 15:35 - 2012-07-26 11:27 - 00871150 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-13 15:35 - 2012-07-26 11:27 - 00199216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-13 15:35 - 2012-07-26 08:28 - 02057842 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-13 15:32 - 2011-05-02 17:38 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 15:30 - 2013-08-11 15:20 - 00000000 ____D () C:\Users\Heinz\AppData\Local\Akruto
2014-11-13 15:29 - 2014-03-23 18:52 - 00002314 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-13 15:29 - 2011-05-02 17:38 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 15:29 - 2011-05-02 17:00 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-13 15:28 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-13 15:27 - 2014-01-16 19:36 - 00000000 ____D () C:\AdwCleaner
2014-11-13 15:27 - 2013-08-16 08:33 - 00000000 ____D () C:\Users\Heinz
2014-11-13 15:27 - 2011-05-02 17:47 - 00002566 _____ () C:\WINDOWS\UltraEdit
2014-11-13 15:27 - 2011-05-02 17:46 - 00012706 _____ () C:\WINDOWS\UEDIT32.INI
2014-11-13 15:17 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-13 12:07 - 2012-10-30 16:49 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA.job
2014-11-12 20:03 - 2012-07-26 09:12 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-12 18:16 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\Heinz\AppData\Local\DoNotTrackPlus
2014-11-11 20:43 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-11 20:41 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-11 20:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-11 19:45 - 2012-05-11 09:05 - 00000000 ____D () C:\Users\Heinz\AppData\Local\CrashDumps
2014-11-10 14:55 - 2011-05-02 17:07 - 00000000 ____D () C:\Temp
2014-11-10 14:32 - 2011-05-02 16:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-08 12:28 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-08 12:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-07 16:17 - 2014-04-29 17:49 - 00000432 _____ () C:\WINDOWS\BRWMARK.INI
2014-11-07 16:16 - 2011-05-03 11:14 - 00000544 _____ () C:\WINDOWS\I_VIEW32.INI
2014-11-07 13:38 - 2011-12-29 09:49 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ____D () C:\ProgramData\Skype
2014-11-07 10:07 - 2012-10-30 16:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core.job
2014-11-07 09:34 - 2013-11-07 15:39 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\vlc
2014-10-31 17:41 - 2013-06-26 16:04 - 00030665 ____H () C:\WINDOWS\SysWOW64\BTImages.dat
2014-10-30 09:09 - 2012-10-30 16:50 - 00002370 _____ () C:\Users\Heinz\Desktop\Google Chrome.lnk
2014-10-29 12:59 - 2013-08-16 09:04 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1327107963-4175824153-2169469409-1000
2014-10-27 15:19 - 2014-02-20 19:22 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-24 10:56 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-24 10:46 - 2014-09-21 12:30 - 00439352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-24 08:07 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 13:27 - 2011-05-02 17:38 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 13:27 - 2011-05-02 17:38 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:54 - 2013-10-19 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-19 09:02 - 2012-10-30 16:49 - 00004092 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA
2014-10-19 09:02 - 2012-10-30 16:49 - 00003712 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core
2014-10-17 15:43 - 2014-02-28 13:41 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000839 _____ () C:\Users\Public\Desktop\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000000 ____D () C:\Program Files\Akruto
2014-10-17 10:32 - 2013-08-01 16:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 10:26 - 2011-05-02 15:48 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Heinz\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Heinz\AppData\Local\Temp\Quarantine.exe
C:\Users\Heinz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-13 15:39

==================== End Of Log ============================
         

--- --- ---


Viele Grüße, Heinz

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hallao, hier die Dateien:

log.txt

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=73fda60c092a2d4484c4726751241b34
# engine=21092
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-14 02:08:38
# local_time=2014-11-14 03:08:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 14241774 43220051 0 0
# compatibility_mode_1='ZoneAlarm Antivirus'
# compatibility_mode=9221 16777213 100 98 12106322 31681916 0 0
# scanned=437425
# found=48
# cleaned=48
# scan_time=5466
sh=052529D1B57123707DE6304CA2A2E8832E80A1F1 ft=1 fh=487ceb503c81f5f9 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=697E41F9C7C71FBA37DF3DD50E5050D78A1DD202 ft=1 fh=191d5e0a1b49e559 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\burnsetup_v4.52.exe.vir"
sh=FB6CA6869AB83C13311B8CDB8A23F022DC55CF52 ft=1 fh=c877c35be236c166 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir"
sh=B5D4978EFDDC1B5C5F4AFAA4F553F6E51E0A18B6 ft=1 fh=32498791e236c166 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe.vir"
sh=347BB66C7BE3982B2602FE946E6BCF3C7C7224B5 ft=1 fh=9946b6b2c2e14984 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\uninst.exe.vir"
sh=20E2D74783E28D768F2F4C9D856EAB1742ECBAB4 ft=1 fh=6378f278c2e14984 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\vpsetup_v2.41.exe.vir"
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=218D826DF7CEFCE7B428F53A7ACDF10F50F026C2 ft=1 fh=8db84d6f75cab766 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe"
sh=7E62CD24C68C6873E2367358E9B67F26B832DD4A ft=1 fh=c71c001152d7a4ca vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmApp.dll"
sh=AD188F10AB5A30A6EE8149A6AAF68247FC9E63E5 ft=1 fh=c71c00110d6f5af3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll"
sh=DA7464E58409B29B1ED2C7A65F3FD61402DAC1A5 ft=1 fh=dce5cbde4ee07593 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe"
sh=4280BD42B8746C3063C7FBEC9D0F026C3B32D1D3 ft=1 fh=66c52799588ff223 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll"
sh=9F1F8446680FD61541FCC3E2B75E44E0EDCDFCAE ft=1 fh=e93b79f29aa9228b vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll"
sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
sh=AD9F3DAA348EEA4E74B2FAD65EA492F32CA72339 ft=1 fh=ce06389d744632d2 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\zatb.exe"
sh=4AC59A227ED21E6D449A8AD079C4F37BE5584040 ft=1 fh=6e7e54c24a0481bf vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FoxTab3GPConverter\3GPConverter.exe"
sh=F5EE1489F5BD5427F1EA65441E5DCCA924E31336 ft=1 fh=eae9470eeeee5c10 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll"
sh=9B5AA9D21F25F281DCD07094AAEE9BD4CF03F12D ft=1 fh=1c058e4f2945e215 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heinz\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe"
sh=8490554F15357EA162494EE1763509959F3EBAEB ft=1 fh=58b66b725959d138 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heinz\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe"
sh=E4772585CEB9AA369A292D03667C7AA76E9EA04A ft=1 fh=274da3f94e245cf7 vn="Win32/Toolbar.Montiera.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heinz\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe"
sh=33BE9B97F3709FE8AD6DFC908A84EAC4A4947F4E ft=1 fh=398a74cddcb2b70e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\FreeYouTubeDownload.exe"
sh=31455F5CD110E02D3C2CC12C8992BE164E619FA1 ft=1 fh=c71c0011489f1658 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Downloads\FreeYouTubeToMP3Converter_3.12.30.319.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=534999ED85CB0AE3C21385B37B538044EA2AB339 ft=1 fh=28e16a9d033375cd vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDFCreator-1_7_3_setup.exe"
sh=9CD24F6ACDE04E3388CE62E2D0BF137C65DAFEFE ft=1 fh=31bbe8bbbdf91c9b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDFCreator-1_9_5-setup.exe"
sh=EE9DCE7BBF010B312AFFA06B992E3CF8761B69A9 ft=1 fh=1029c1ef39627f0d vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Recorder_debutsetup163.exe"
sh=E1F6A97808C362329F5DCB20C8647A8BDC4990E5 ft=1 fh=20740b9c0a33fef3 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\SoftonicDownloader_fuer_clonedvd.exe"
sh=937BFFD115EECC74687D14CFA701BD4C415992E1 ft=1 fh=f9cb87fd699d0d60 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe"
sh=F898F745C8CD08677C1076F8184F80C30D5B6FC4 ft=1 fh=ccc36d2ddc6c15eb vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\SoftonicDownloader_fuer_the-core-media-player.exe"
sh=5C548A2863D653771E730F501571A34F23E877EC ft=1 fh=88a2f368d1cf1600 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\WiseConvert.exe"
sh=238B76E136A032D4601301E567760EC10C814124 ft=1 fh=f14483085eb0dc09 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\zafwSetupWeb_110_000_038.exe"
sh=5B01CFA74995F30174A6DEB88FD60DB989C0FACD ft=1 fh=6d031bc385aeb844 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\zaSetupWeb_101_097_000.exe"
sh=612D093E040B783247283AB8088E0C8142E16C03 ft=1 fh=6c82d0be5cec1eb5 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\zaSetupWeb_110_000_504.exe"
sh=A2FD431D4B1BD190975DD0DC5177B516DC76CC05 ft=1 fh=17625d6a17306e37 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\zaSetupWeb_132_015_000.exe"
sh=EDF93BA1C1AAA73DB73334129D7373600A13EE72 ft=1 fh=953d2f5b04bd8923 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\ATI_AMD_Grafikkarten_Treiber\iMeshSetup-r1487-w-bi.exe"
sh=2BFB8DCF01F193D4892B95897FFA337A73E4F903 ft=1 fh=bba500668df5577a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DEDDY\zaSetupWeb_110_768_000.exe"
sh=7869A384DE33AE14B84517C84DAD3D87A60923DD ft=1 fh=4bb4a1f37ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\HyperCam\SoftonicDownloader_fuer_eyeball-chat.exe"
sh=C3B047B6DC86B56315A78C1B544CB99A62803160 ft=1 fh=27dad678b2c04138 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\HyperCam\SoftonicDownloader_fuer_skype.exe"
sh=937BFFD115EECC74687D14CFA701BD4C415992E1 ft=1 fh=f9cb87fd699d0d60 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Selina\SoftonicDownloader_fuer_hamster-free-video-converter.exe"
sh=5B01CFA74995F30174A6DEB88FD60DB989C0FACD ft=1 fh=6d031bc385aeb844 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Selina\zaSetupWeb_101_097_000.exe"
sh=7869A384DE33AE14B84517C84DAD3D87A60923DD ft=1 fh=4bb4a1f37ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Tools\HyperCam\SoftonicDownloader_fuer_eyeball-chat.exe"
sh=C3B047B6DC86B56315A78C1B544CB99A62803160 ft=1 fh=27dad678b2c04138 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Tools\HyperCam\SoftonicDownloader_fuer_skype.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Tools\Win7\zaSetup_92_058_000_de.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Win7\zaSetup_92_058_000_de.exe"
sh=D8020A56ED9C0B3BC9E8DFC5B065F263C9020742 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus CRYPT.TSR.COM Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Tools\BANNER\PCTOOLS\MIRROR.COM"
sh=806CBFF2A21401ED1C28B91A6CF6A9D585C3650F ft=1 fh=034485497ae3aa09 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Tools\Daemon\SweetImSetup.exe"
         

checkup.txt

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Ad-Aware Antivirus    
Windows Defender      
ZoneAlarm Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Java 2 Runtime Environment, SE v1.4.2_19 
 Java version out of Date! 
  Adobe Flash Player 	11.9.900.152 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareService.exe 
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST.txt

FRST64.exe fubnktioniert nicht mehr Fehlermeldung:
Line 10220 (File "D:\Downloads\Trojaner Board\FRST64.exe"):
Error: Warianle ised without being declared.

Viele Grüße,
Heinz

FRST löschen und neu laden

ok, ging...

FRST.txt


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Heinz (administrator) on HEINZ-WIN8 on 15-11-2014 17:35:15
Running from D:\Downloads\Trojaner Board
Loaded Profile: Heinz (Available profiles: Heinz & DefaultAppPool)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Advanced Micro Devices, Inc.) C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
() C:\WINDOWS\DAODx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\WINDOWS\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Cherry\CDI\cdi.exe
(CANON INC.) C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
(ZF Electronics GmbH) C:\Program Files (x86)\Common Files\Cherry\Common\kbdhook64.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
(RAPOO) C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe
() C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Corel, Inc.) C:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe
(Advanced Micro Devices Inc.) C:\ATI\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\ATI\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [CherryKeyMan] => C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe [258100 2009-07-29] (ZF Electronics GmbH)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [MAAgent] => C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe [57344 2007-01-30] ((주)마크애니)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [PDUiP6600DMon] => C:\Program Files (x86)\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe [75376 2006-10-03] (CANON INC.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [126976 2007-02-23] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Rapoo RP24G] => C:\Program Files (x86)\Rapoo\RP24G\RP24G_Config.exe [5386752 2012-09-19] (RAPOO)
HKLM-x32\...\Run: [LedStatus] => C:\Program Files (x86)\Rapoo\RP24G\LedStatus.exe [1701888 2012-02-20] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\ATI\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Google Update] => C:\Users\Heinz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-30] (Google Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2513920 2011-01-04] (Mister Group)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heinz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {88fb2212-00b7-11e1-8067-bcaec504af41} - "Q:\pushinst.exe" 
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {8a25c12d-74d0-11e0-88bc-bcaec504af41} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1327107963-4175824153-2169469409-1000\...\MountPoints2: {9717af58-2931-11e3-be81-bc054307648b} - "J:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Akruto Sync.lnk
ShortcutTarget: Akruto Sync.lnk -> C:\Program Files\Akruto\AkrutoSync.exe (Akruto)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1327107963-4175824153-2169469409-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.santanderbank.de/gei/plugins/SantanderChipcardPlugin1212.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files (x86)\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\0fjzdvst.default-1396025695923
FF Homepage: https://meine.deutsche-bank.de/trxm/db/init.do?logintab=WebSign
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Heinz\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Heinz\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1327107963-4175824153-2169469409-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-10-31]

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (Gmail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\ATI\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [585774 2009-05-28] (ZF Electronics GmbH) [File not signed]
R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R2 AODDriver4.3; C:\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-04-30] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-04-30] (Kaspersky Lab ZAO)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rpkmdrv; C:\Windows\system32\drivers\rpkmdrv.sys [21248 2012-08-16] ()
S3 slabbus; C:\Windows\System32\drivers\slabbus.sys [88360 2014-07-04] (MCCI Corporation)
S3 slabser; C:\Windows\system32\DRIVERS\slabser.sys [112424 2014-07-04] (MCCI Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 17:09 - 2014-11-14 17:10 - 00000000 ____D () C:\Program Files (x86)\GUM6F1C.tmp
2014-11-14 13:35 - 2014-11-14 13:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-14 12:21 - 2014-11-15 17:23 - 00039174 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-14 12:20 - 2014-11-15 17:12 - 00061208 _____ () C:\WINDOWS\setupact.log
2014-11-14 12:20 - 2014-11-14 17:24 - 00001872 _____ () C:\WINDOWS\PFRO.log
2014-11-14 12:20 - 2014-11-14 12:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-14 06:26 - 2014-11-14 06:26 - 00001065 _____ () C:\Users\Heinz\Desktop\Trojaner Board - Verknüpfung.lnk
2014-11-13 16:49 - 2014-11-13 16:49 - 00024996 _____ () C:\WINDOWS\system32\cc_20141113_164948.reg
2014-11-13 15:32 - 2014-11-13 15:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-13 15:31 - 2014-11-13 15:31 - 00001357 _____ () C:\Users\Heinz\Desktop\AdwCleaner_4.101.lnk
2014-11-12 19:38 - 2014-11-14 11:59 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:38 - 2014-11-12 19:38 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:38 - 2014-11-12 19:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-12 19:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-12 19:38 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-12 19:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-10 19:27 - 2014-11-15 17:35 - 00000000 ____D () C:\FRST
2014-11-08 12:28 - 2014-11-09 10:48 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-11-08 12:27 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-11-08 12:27 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-11-08 12:27 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-11-08 12:27 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-11-08 12:27 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-08 12:27 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-11-07 09:01 - 2014-11-07 09:01 - 00000000 ____D () C:\Users\Heinz\AppData\Local\PDFCreator
2014-10-31 17:41 - 2014-10-31 17:41 - 00001026 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-10-31 17:40 - 2014-10-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-31 17:39 - 2014-10-31 17:39 - 00110776 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-10-31 17:39 - 2014-10-31 17:39 - 00000845 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-28 19:45 - 2014-10-28 19:45 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\PDF Architect 2
2014-10-28 19:26 - 2014-10-31 17:41 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-28 19:25 - 2014-11-05 19:22 - 00000000 ____D () C:\Program Files\PDFCreator
2014-10-28 19:25 - 2014-10-28 19:25 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-28 18:51 - 2012-05-16 08:10 - 00000000 ____D () C:\Users\Heinz\Desktop\CP210x_VCP_Win7
2014-10-24 07:22 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-24 07:22 - 2014-09-06 01:46 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-24 07:22 - 2014-09-03 03:48 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-10-24 07:22 - 2014-09-03 03:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-24 07:22 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2014-10-24 07:22 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2014-10-24 07:22 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-10-24 07:21 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-24 07:21 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-23 13:27 - 2014-10-23 13:28 - 00000000 ____D () C:\Program Files (x86)\GUM103C.tmp
2014-10-22 16:30 - 2014-10-22 16:30 - 00001251 _____ () C:\Users\Heinz\Desktop\fritz.box.lnk
2014-10-19 17:53 - 2014-10-19 17:53 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-19 17:53 - 2014-10-19 17:53 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 09:38 - 2014-10-19 09:38 - 00000253 _____ () C:\Users\Heinz\Spraydosen.txt
2014-10-19 09:02 - 2014-10-19 09:03 - 00000000 ____D () C:\Program Files (x86)\GUM6277.tmp
2014-10-18 17:45 - 2014-10-18 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-18 17:44 - 2014-10-18 17:44 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-10-17 15:03 - 2014-10-17 15:03 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-10-17 15:03 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-10-17 15:03 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-10-17 10:40 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-17 10:40 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 10:26 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 10:26 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 10:26 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 10:26 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 10:26 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 10:26 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 10:26 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-17 10:26 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-17 10:26 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-17 10:26 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-17 10:26 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-17 10:26 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-17 10:26 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-17 10:26 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-17 10:25 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 10:25 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-17 10:25 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-17 10:25 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 10:25 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-17 10:25 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 10:25 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-17 10:25 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 17:32 - 2011-05-02 17:38 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 17:18 - 2012-07-26 11:27 - 00871150 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-15 17:18 - 2012-07-26 11:27 - 00199216 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-15 17:18 - 2012-07-26 08:28 - 02057842 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 17:14 - 2012-10-30 16:49 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA.job
2014-11-15 17:14 - 2012-10-30 16:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core.job
2014-11-15 17:13 - 2014-03-23 18:52 - 00002314 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-15 17:13 - 2013-08-11 15:20 - 00000000 ____D () C:\Users\Heinz\AppData\Local\Akruto
2014-11-15 17:13 - 2011-05-02 17:00 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-15 17:12 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-15 17:12 - 2011-05-02 17:38 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 17:10 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-15 13:28 - 2012-07-20 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 19:19 - 2014-05-09 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 17:09 - 2012-10-30 16:49 - 00004092 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000UA
2014-11-14 17:09 - 2012-10-30 16:49 - 00003712 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1327107963-4175824153-2169469409-1000Core
2014-11-14 15:06 - 2011-06-20 12:26 - 00000000 ____D () C:\Program Files (x86)\FoxTab3GPConverter
2014-11-14 12:19 - 2014-01-16 19:36 - 00000000 ____D () C:\AdwCleaner
2014-11-14 12:16 - 2013-11-07 15:39 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\vlc
2014-11-14 11:58 - 2014-09-12 12:55 - 00052224 ___SH () C:\Users\Heinz\Desktop\Thumbs.db
2014-11-14 11:44 - 2011-05-03 11:14 - 00000555 _____ () C:\WINDOWS\I_VIEW32.INI
2014-11-14 07:29 - 2014-09-27 18:38 - 00000000 ____D () C:\Users\Heinz\AppData\Local\Akamai
2014-11-13 16:49 - 2012-05-11 09:05 - 00000000 ____D () C:\Users\Heinz\AppData\Local\CrashDumps
2014-11-13 15:27 - 2013-08-16 08:33 - 00000000 ____D () C:\Users\Heinz
2014-11-13 15:27 - 2011-05-02 17:47 - 00002566 _____ () C:\WINDOWS\UltraEdit
2014-11-13 15:27 - 2011-05-02 17:46 - 00012706 _____ () C:\WINDOWS\UEDIT32.INI
2014-11-12 20:03 - 2012-07-26 09:12 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-12 18:16 - 2014-06-28 15:40 - 00000000 ____D () C:\Users\Heinz\AppData\Local\DoNotTrackPlus
2014-11-11 20:43 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-11 20:41 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-11 20:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-10 14:55 - 2011-05-02 17:07 - 00000000 ____D () C:\Temp
2014-11-10 14:32 - 2011-05-02 16:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-08 12:28 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-08 12:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-07 16:17 - 2014-04-29 17:49 - 00000432 _____ () C:\WINDOWS\BRWMARK.INI
2014-11-07 13:38 - 2011-12-29 09:49 - 00000000 ____D () C:\Users\Heinz\AppData\Roaming\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-07 13:29 - 2011-12-29 09:49 - 00000000 ____D () C:\ProgramData\Skype
2014-10-31 17:41 - 2013-06-26 16:04 - 00030665 ____H () C:\WINDOWS\SysWOW64\BTImages.dat
2014-10-30 09:09 - 2012-10-30 16:50 - 00002370 _____ () C:\Users\Heinz\Desktop\Google Chrome.lnk
2014-10-29 12:59 - 2013-08-16 09:04 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1327107963-4175824153-2169469409-1000
2014-10-27 15:19 - 2014-02-20 19:22 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-24 10:56 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-24 10:46 - 2014-09-21 12:30 - 00439352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-24 08:07 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 13:27 - 2011-05-02 17:38 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 13:27 - 2011-05-02 17:38 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:54 - 2013-10-19 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-19 17:53 - 2014-08-11 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-17 15:43 - 2014-02-28 13:41 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000839 _____ () C:\Users\Public\Desktop\Akruto Sync.lnk
2014-10-17 15:43 - 2014-02-28 13:41 - 00000000 ____D () C:\Program Files\Akruto
2014-10-17 10:32 - 2013-08-01 16:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 10:26 - 2011-05-02 15:48 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Heinz\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Heinz\AppData\Local\Temp\Quarantine.exe
C:\Users\Heinz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-14 12:39

==================== End Of Log ============================
         

--- --- ---

Java, Flash, Adobe und Firefox updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hallo Schrauber,
ich habe die restlichen Steps durchgeführt und folgende Updates durchgeführt.
Java, Flash, Adobe und Firefox. Weiterhin abschließend, ohne Virenrückmeldungohne Virenrückmeldung, noch mal alle Virenscanner laufen lassen. Alles sauber.... höchstwahrscheinlich. Ein ungutes Gefühl bleibt letztlich.... Ich möchte Dir noch danken, dass Du mir so umfangreich geholfen hast.
Viele Grüße,
Heinz

Gern Geschehen