Eset findet Adware.Synatix.A, OptimizerEliteMax.C, Packed.Themida. Im Taskmanager ist 8df1bcd0

bernizde · 16.02.2015, 11:48

Hallo liebe T-Boarder,

das Wochenende brachte einen in unserem Familien-Lan unregelmäßig laufenden Rechner.
Daraufhin lud ich ESET und nahm anschließend alle Rechner vom Netz.
Das ESET-Logfile brachte Folgendes:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=097c1df55a565e428c966d807d28aa27
# engine=22482
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-15 07:17:57
# local_time=2015-02-15 08:17:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 329677 118209081 0 0
# scanned=609587
# found=6
# cleaned=4
# scan_time=11544
sh=5902814743CE0C6EC619967150893D7550E30DFE ft=1 fh=3d2b4843632f5413 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}\OPTISetup.exe"
sh=A00730AF3C06D6972D3F5DF328D721937DD1D566 ft=1 fh=082638f20d6ad23f vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\berni\Downloads\moi_v3_trial_setup.exe"
sh=16A9F50D9E0ED205CFF4474BD99E2900FEB16F19 ft=1 fh=50427314871b5fda vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\berni\AppData\Roaming\Security Systems\uninstall.exe.vir"
sh=6B05B504C7D82297D1E969AF383B0EE8E501A068 ft=1 fh=ce34f8838b055d38 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\MoI 3.0 trial\moi_lib.dll"
sh=5902814743CE0C6EC619967150893D7550E30DFE ft=1 fh=3d2b4843632f5413 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}\OPTISetup.exe"
sh=52C62112EBE6C00644D6A5C3A1DA1D4124BB31A7 ft=1 fh=6d95cedaba666fcd vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\berni\AppData\Roaming\Host System\host.exe"

Das Öffnen des Taskmanagers zeigte einen Dienst mit dem ich nichts anfangen konnte:
8df1bcd0 ---- Optimizer Pro Crash Monitor.

Ich bitte um eure Hilfe, weil unsicher bin, wo ich am besten weitermache um die Infektion und ihre Überbleibsel weg zu bekommen.

Berni

cosinus · 16.02.2015, 11:58

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

bernizde · 16.02.2015, 12:37

Hallo Cosinus - und danke für dein Willkommen.

Verwertbare Logfiles habe ich leider keine weiteren. Jedoch hier die von dir gewünschten FRST-Texte:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by berni (administrator) on PAPAS on 16-02-2015 12:03:58
Running from C:\Users\berni\Desktop
Loaded Profiles: berni (Available profiles: berni & openpgsvc)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Lotus Development Corporation) C:\lotus\organize\easyclip6.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Firebird Project) C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe
(Robert McNeel & Associates) C:\Program Files\McNeelUpdate\5.0\McNeelUpdateService.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Firebird Project) C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IATSKY] => C:\Program Files\TFD128\iatsky.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Run: [ADF446DD2B8BFA6DF3442CE2A3577885A8E289DE._service_run] => "C:\Users\berni\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Run: [ISUSPM Startup] => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\MountPoints2: {a478fca0-9d59-11e4-b044-485b39523f2e} - E:\startme.exe
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\MountPoints2: {bc2cd963-85a4-11e1-a86b-485b39523f2e} - E:\unlock.exe autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2660644256-920559868-219131753-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2660644256-920559868-219131753-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: No Name -> {269D0B18-45D0-46D0-A644-2D60D928BC7F} -> C:\Users\berni\AppData\LocalLow\INTERN~1\bho.dll No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IEHlprObj Class -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> c:\lotus\organize\iehelper.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2660644256-920559868-219131753-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components Test\npIPcam.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @IPCWebComponents -> C:\Program Files\IPCWebComponents\npIPCReg.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\berni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123D -> C:\Users\berni\AppData\Roaming\Autodesk\Autodesk123D32\1.0.5\npAutodesk123D32.dll (Autodesk)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123DCNC -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D CNC Utility321.0.33\npAutodesk123DCNC32.dll (Autodesk)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123DShapes -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.97\npAutodesk123DShapes32.dll (Autodesk)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Pin It Button - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-11]
FF Extension: Pin It button - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\pinterest@robertnyman.com.xpi [2014-01-11]
FF Extension: {4c52d14f-1bf9-44bc-b739-905ebf974998} - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\{4c52d14f-1bf9-44bc-b739-905ebf974998}.xpi [2014-09-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-10]
FF HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - firefox.exe

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423589408&from=ild&uid=WDCXWD10EADS-00M2B0_WD-WCAV5C38346383463

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] () [File not signed]
R2 FirebirdGuardianMondoLocal21; C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe [81920 2010-05-19] (Firebird Project) [File not signed]
R3 FirebirdServerMondoLocal21; C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe [2736128 2010-05-19] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045328 2012-10-27] (Flexera Software, Inc.)
R2 McNeelUpdate; C:\Program Files\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2014-12-01] (Robert McNeel & Associates)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 8df1bcd0; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.38\OptProMon.dll",ENT
S2 HostService; C:\Users\berni\AppData\Roaming\Host System\host.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-10-01] (FTDI Ltd.)
R1 Kithara-Lewetz; C:\Windows\System32\Lewetz.sys [302912 2010-01-15] (Kithara Software GmbH) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35392 2012-07-26] (hxxp://libusb-win32.sourceforge.net)
R3 Mach3; C:\Windows\System32\Drivers\Mach3.sys [109344 2011-04-11] (Your Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 12:03 - 2015-02-16 12:04 - 00019394 _____ () C:\Users\berni\Desktop\FRST.txt
2015-02-16 12:03 - 2015-02-16 12:04 - 00000000 ____D () C:\FRST
2015-02-16 12:00 - 2015-02-16 12:00 - 01125888 _____ (Farbar) C:\Users\berni\Desktop\FRST.exe
2015-02-16 10:47 - 2015-02-16 10:48 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-02-16 10:47 - 2015-02-16 10:47 - 00000000 ____D () C:\Users\berni\AppData\Local\SecTaskMan
2015-02-15 16:13 - 2015-02-15 16:13 - 00448512 _____ (OldTimer Tools) C:\Users\berni\Desktop\TFC.exe
2015-02-15 16:01 - 2015-02-15 16:01 - 00000000 ____D () C:\Program Files\ESET
2015-02-12 15:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 15:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 12:12 - 2015-02-11 12:12 - 00195371 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.23_11.02.15_1212.export
2015-02-11 11:02 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:02 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:02 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:02 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:02 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:02 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:02 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:02 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:02 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:02 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:02 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:02 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:02 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:01 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:01 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:01 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:01 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 11:01 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:01 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:01 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:01 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:01 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:01 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:01 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:01 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:01 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:01 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:01 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:01 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:01 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:01 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:01 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:01 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:01 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:01 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 11:01 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 11:00 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:00 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:00 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:00 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:00 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:00 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:00 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:00 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:00 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 10:59 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 22:38 - 2015-02-10 22:38 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-02-10 22:38 - 2015-02-10 22:38 - 00001149 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-02-10 22:38 - 2015-02-10 22:38 - 00000000 ____D () C:\Program Files\Security Task Manager
2015-02-10 22:09 - 2015-02-10 22:09 - 00000000 ____D () C:\Windows\pss
2015-02-10 18:32 - 2015-02-15 20:18 - 00000000 ____D () C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}
2015-02-10 18:28 - 2015-02-16 10:59 - 00001340 _____ () C:\Windows\Tasks\CIUZJIT.job
2015-02-10 18:27 - 2015-02-16 10:59 - 00001334 _____ () C:\Windows\Tasks\OLHS.job
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Users\berni\Documents\My Data Files
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Users\berni\AppData\Local\Wondershare
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2015-02-10 10:38 - 2015-02-10 10:38 - 00000696 __RSH () C:\ProgramData\ntuser.pol
2015-02-09 13:28 - 2015-02-09 13:28 - 02125667 _____ () C:\Users\berni\Downloads\Extruder_Base.stl
2015-02-09 13:28 - 2015-02-09 13:28 - 00768539 _____ () C:\Users\berni\Downloads\Extruder_Arm-rotated.stl
2015-02-08 23:41 - 2015-02-08 23:41 - 00530863 _____ () C:\Users\berni\Downloads\8BitHeart.stl
2015-02-08 23:18 - 2015-02-08 23:18 - 03794984 _____ () C:\Users\berni\Downloads\heartbox.stl
2015-02-07 15:15 - 2015-02-07 15:15 - 00200770 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.23_07.02.15_1515.export
2015-02-06 20:18 - 2015-02-06 20:18 - 00000567 _____ () C:\Users\berni\Downloads\FRITZ!Box_7490_113.06.23_06.02.2015_20_18-diagnose.csv
2015-02-06 18:02 - 2015-02-06 18:03 - 00000000 ____D () C:\Program Files\FRITZ!BoxPrint
2015-02-06 18:02 - 2006-05-29 01:00 - 00016384 _____ (AVM Berlin GmbH) C:\Windows\system32\avmprmon.dll
2015-02-06 17:56 - 2015-02-06 17:56 - 00000963 _____ () C:\Users\berni\Desktop\familiez-fritzbox.lnk
2015-02-06 17:30 - 2015-02-06 17:30 - 00191301 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.20_06.02.15_1730.export
2015-02-06 16:49 - 2015-02-06 16:49 - 00000796 _____ () C:\Users\berni\Downloads\FRITZ!Box_7490_113.06.20_06.02.2015_16_50-diagnose.csv
2015-02-06 15:05 - 2015-02-06 18:03 - 00002465 _____ () C:\Windows\avmadd32.log
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\Program Files\FRITZ!Box
2015-02-06 15:05 - 2006-12-14 12:42 - 00069120 ____R (AVM Berlin) C:\Windows\system32\avmadd32.dll
2015-02-05 14:34 - 2015-02-05 14:35 - 01542084 _____ () C:\Users\berni\Downloads\dust_filter.STL
2015-02-04 19:32 - 2015-02-04 19:32 - 00424102 _____ () C:\Users\berni\Downloads\compact_direct_drive_extruder_base.stl
2015-02-04 19:30 - 2015-02-04 19:30 - 00163579 _____ () C:\Users\berni\Downloads\compact_direct_drive_extruder_idler.stl
2015-02-04 19:15 - 2015-02-04 19:15 - 01319284 _____ () C:\Users\berni\Downloads\dolphin_dad.stl
2015-02-04 12:54 - 2015-02-04 14:55 - 00013030 _____ () C:\PDOXUSRS.NET
2015-02-04 12:06 - 2004-11-07 17:35 - 00837392 _____ (MindFusion Limited) C:\Windows\system32\WISOFLCH.DLL
2015-02-04 12:06 - 2004-03-15 15:28 - 00607432 _____ (Software FX, Inc.) C:\Windows\system32\WISOCHFX.OCX
2015-02-04 12:06 - 2004-03-09 01:00 - 00124688 _____ (Microsoft Corporation) C:\Windows\system32\WISOWINS.OCX
2015-02-04 12:06 - 2003-10-30 17:48 - 00134144 _____ (Software FX, Inc.) C:\Windows\system32\SFXBAR.DLL
2015-02-04 12:06 - 2003-10-17 11:15 - 00229376 _____ (ComponentOne ) C:\Windows\system32\WISOPDF.OCX
2015-02-04 12:06 - 2003-10-17 11:12 - 00417792 _____ (ComponentOne) C:\Windows\system32\WISOPRNT.OCX
2015-02-04 12:06 - 2003-02-27 15:33 - 00067584 _____ (Software FX, Inc.) C:\Windows\system32\CFX4DATA.DLL
2015-02-04 12:06 - 2001-08-23 00:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\MSVBVM50.dll
2015-02-04 12:06 - 2000-04-25 22:40 - 00204296 _____ (Microsoft Corporation) C:\Windows\system32\WISORCHT.OCX
2015-02-04 12:06 - 1998-06-24 01:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\WISOCDLG.OCX
2015-02-04 12:06 - 1998-05-22 01:00 - 01059336 _____ (Microsoft Corporation) C:\Windows\system32\WISOCCTL.OCX
2015-02-04 12:06 - 1997-01-16 01:00 - 00958224 _____ (Microsoft Corporation) C:\Windows\system32\WISOCHAR.OCX
2015-02-04 12:06 - 1997-01-16 00:00 - 00200976 _____ (Microsoft) C:\Windows\system32\WISOFGRD.OCX
2015-02-04 12:06 - 1997-01-13 13:26 - 00045840 _____ (Microsoft Corporation) C:\Windows\system32\Msjint35.dll
2015-02-04 12:06 - 1996-12-21 03:15 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\Msjet35.dll
2015-02-04 12:06 - 1996-12-05 05:17 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Odbctl32.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00403216 _____ (Microsoft Corporation) C:\Windows\system32\Msrepl35.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00251664 _____ (Microsoft Corporation) C:\Windows\system32\Msrd2x35.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00024336 _____ (Microsoft Corporation) C:\Windows\system32\Msjter35.dll
2015-02-04 12:06 - 1996-01-12 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\system32\WISOTHRE.OCX
2015-02-04 12:06 - 1996-01-12 01:00 - 00052736 _____ (Outrider Systems, Inc.) C:\Windows\system32\WISOSPIN.OCX
2015-02-03 17:50 - 2015-01-24 18:13 - 07451478 _____ () C:\Program Files\jes.exe
2015-02-03 17:19 - 2015-02-03 17:19 - 00001729 _____ () C:\Users\berni\Desktop\Kassenbuch6.lnk
2015-02-03 17:19 - 2015-02-03 17:19 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareNetz
2015-02-03 17:19 - 2015-02-03 17:19 - 00000000 ____D () C:\Softwarenetz
2015-02-03 17:19 - 2015-01-23 12:38 - 00181976 _____ (SoftwareNetz) C:\Windows\snui.exe
2015-02-03 17:19 - 2005-05-01 08:00 - 00200704 _____ (DATEV eG Nürnberg) C:\Windows\system32\SELF32.DLL
2015-02-03 17:19 - 2005-05-01 08:00 - 00020864 _____ () C:\Windows\system32\SELF32.TLB
2015-02-03 17:19 - 2005-05-01 08:00 - 00015602 _____ () C:\Windows\system32\SELF32.INI
2015-02-03 10:36 - 2015-02-03 10:36 - 00001343 _____ () C:\Windows\system32\eric.log
2015-02-03 02:33 - 2015-02-03 02:40 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-02-03 01:28 - 2015-02-04 15:09 - 00013861 _____ () C:\Users\berni\Documents\easyct.ini
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\berni\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\berni\AppData\Roaming\OLHS
2015-01-22 17:54 - 2015-01-22 17:58 - 00000000 ____D () C:\Users\berni\AppData\Local\elfopatch
2015-01-22 10:43 - 2015-01-22 10:43 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-17 18:21 - 2015-01-17 18:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 11:29 - 2013-09-21 09:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 11:07 - 2012-06-23 07:54 - 00018400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 11:07 - 2012-06-23 07:54 - 00018400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 11:04 - 2012-04-12 12:23 - 00000000 ____D () C:\Users\berni
2015-02-16 11:03 - 2012-04-12 12:12 - 02021158 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 10:59 - 2012-09-11 11:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 10:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 10:59 - 2009-07-14 05:39 - 00016981 _____ () C:\Windows\setupact.log
2015-02-16 10:58 - 2012-04-15 10:03 - 00387978 _____ () C:\Windows\PFRO.log
2015-02-15 20:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-15 20:17 - 2014-09-12 09:43 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Host System
2015-02-15 19:42 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-15 15:57 - 2012-04-12 12:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 15:46 - 2012-09-11 11:48 - 00000000 ____D () C:\Program Files\Google
2015-02-15 15:46 - 2012-06-28 09:23 - 00000000 ____D () C:\Users\berni\AppData\Local\Google
2015-02-15 15:27 - 2014-02-19 19:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-15 15:03 - 2009-07-14 09:57 - 00000000 ____D () C:\Windows\CSC
2015-02-15 15:01 - 2012-04-12 12:23 - 00000000 __SHD () C:\Recovery
2015-02-15 15:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-13 00:45 - 2012-05-29 10:31 - 00000000 ____D () C:\Users\berni\AppData\Local\Alibre Design
2015-02-13 00:01 - 2012-05-29 10:31 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Alibre Design
2015-02-12 23:58 - 2012-10-26 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRAGON
2015-02-12 23:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\system32\Drivers\iaxext_836.set
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\system32\Drivers\dcompbg374.dat
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\d_iclink327.ini
2015-02-12 22:44 - 2012-11-07 14:20 - 00000000 ____D () C:\Users\berni\AppData\Roaming\ZW3D 2012 Eng
2015-02-12 22:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 10:19 - 2009-07-14 05:33 - 02849808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:53 - 2014-12-11 11:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 00:53 - 2014-05-01 00:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 00:53 - 2013-08-15 23:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-12 00:47 - 2012-04-15 15:53 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 00:46 - 2012-04-14 23:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 00:46 - 2009-07-14 03:04 - 00000604 _____ () C:\Windows\win.ini
2015-02-12 00:43 - 2012-05-01 00:32 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 00:43 - 2012-04-12 15:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-12 00:43 - 2012-04-12 15:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 19:01 - 2012-12-09 15:02 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Autodesk
2015-02-10 22:52 - 2012-09-16 18:09 - 00001084 _____ () C:\Users\berni\Desktop\iexplore.lnk
2015-02-10 22:52 - 2012-06-22 10:07 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 22:52 - 2012-06-22 10:07 - 00001063 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-10 22:52 - 2012-04-20 14:38 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-10 22:52 - 2012-04-20 14:38 - 00000977 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-10 22:52 - 2012-04-12 12:23 - 00001204 _____ () C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-10 22:20 - 2012-05-02 09:27 - 00000000 ____D () C:\Program Files\phase5
2015-02-10 19:13 - 2012-04-14 18:40 - 00000000 ____D () C:\Program Files\Adobe
2015-02-10 18:49 - 2014-05-11 16:54 - 00000000 ____D () C:\Users\berni\Documents\Visual Studio 2010
2015-02-10 18:47 - 2012-04-12 13:26 - 00000000 ____D () C:\Users\berni\AppData\Local\Downloaded Installations
2015-02-10 10:37 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-09 16:03 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-08 01:17 - 2012-04-12 12:20 - 01608924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 09:29 - 2012-04-12 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:29 - 2012-04-12 14:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 19:02 - 2012-06-11 00:24 - 00000390 _____ () C:\Windows\wiso.ini
2015-02-04 18:45 - 2013-05-07 20:54 - 00189432 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-04 18:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-04 15:12 - 2012-06-07 23:09 - 00000082 _____ () C:\Windows\odbc_merge.INI
2015-02-04 09:21 - 2012-09-11 11:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 12:01 - 2012-04-17 10:00 - 00001901 _____ () C:\Windows\panose.bin
2015-02-02 08:19 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 19:11 - 2012-04-13 17:37 - 00000000 ____D () C:\Users\berni\AppData\Roaming\FileZilla
2015-01-31 18:49 - 2012-11-20 17:07 - 00002002 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2015-01-31 18:49 - 2012-11-20 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-31 18:49 - 2012-04-13 17:38 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-23 00:44 - 2012-04-29 11:17 - 00000000 ____D () C:\Users\berni\AppData\Roaming\MyPhoneExplorer
2015-01-22 17:58 - 2012-04-23 10:04 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-01-22 17:55 - 2013-12-21 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 10:43 - 2015-01-16 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 10:43 - 2012-04-29 11:38 - 01237986 _____ () C:\Windows\DPINST.LOG
2015-01-18 10:47 - 2012-06-22 10:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-02-03 17:50 - 2015-01-24 18:13 - 7451478 _____ () C:\Program Files\jes.exe
2014-04-16 23:23 - 2014-04-15 12:58 - 0023040 _____ () C:\Program Files\processing-java.exe
2014-04-16 23:23 - 2014-04-15 12:58 - 0667136 _____ () C:\Program Files\processing.exe
2014-04-16 23:23 - 2014-04-15 12:57 - 0182855 _____ () C:\Program Files\revisions.txt
2014-09-12 00:08 - 2014-09-12 22:53 - 0001161 _____ () C:\Users\berni\AppData\Roaming\ACInitialize.log
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\berni\AppData\Roaming\CIUZJIT
2012-11-10 14:45 - 2012-11-10 14:55 - 0000172 _____ () C:\Users\berni\AppData\Roaming\Melt.bat
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\berni\AppData\Roaming\OLHS
2014-01-07 17:22 - 2014-01-07 17:22 - 0000016 ____H () C:\Users\berni\AppData\Local\citpt.dat
2015-01-16 19:16 - 2015-01-16 19:17 - 28488056 _____ (Sony Mobile Communications                                  ) C:\Users\berni\AppData\Local\pcc.exe
2012-08-10 23:02 - 2012-08-10 23:02 - 0000004 _____ () C:\Users\berni\AppData\Local\pcdit.dat
2013-02-18 23:53 - 2013-02-19 00:24 - 0000012 _____ () C:\ProgramData\.glInit02.dat
2014-12-15 19:24 - 2014-12-15 19:24 - 0005054 _____ () C:\ProgramData\eqkupahe.bft
2012-05-10 20:54 - 2012-11-22 18:07 - 0001175 _____ () C:\ProgramData\hpzinstall.log
2012-05-25 22:46 - 2012-05-25 22:46 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
2013-12-12 12:22 - 2013-12-12 12:22 - 0005084 _____ () C:\ProgramData\yotmwslu.srw

Files to move or delete:
====================
C:\ProgramData\.glInit02.dat


Some content of TEMP:
====================
C:\Users\berni\AppData\Local\Temp\Quarantine.exe
C:\Users\berni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 20:37

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hier der Inhalt von Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by berni at 2015-02-16 12:04:39
Running from C:\Users\berni\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R1.6 (HKLM\...\123D Design) (Version: 1.6.41 - Autodesk, Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
8000A809 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (HKLM\...\Adobe_1e3ba55b33b1e8227645fb9c82acca3) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PageMaker 6.5 (HKLM\...\Adobe PageMaker 6.5) (Version:  - )
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alibre Design (HKLM\...\{127D8270-7240-4427-BCD5-F7409CB63F40}) (Version: 14.0.4.14056 - Alibre, Inc.)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antenna (HKLM\...\Antenna) (Version: 4.81.0.593 - by Stormdance)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.1 - Extensoft)
Aspire 3.0 (HKLM\...\Aspire) (Version: 3.0 - Vectric)
Autodesk 123D 32 Bit (HKLM\...\{ED02E3F5-2E0E-4FD8-9FE9-185194B66A5C}) (Version: 1.0.5 - Autodesk)
Autodesk 123D Catch (HKLM\...\{413A0A2B-D154-4457-833F-3299DB3183FF}) (Version: 1.0.654 - Autodesk)
Autodesk 123D Make 1.6.0 (HKLM\...\{88FF8A21-F198-43DF-A5D9-80009EB620A8}) (Version: 1.60.0000 - Autodesk)
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.14 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.14 - Autodesk)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM\...\FRITZ! 2.0) (Version:  - AVM Berlin)
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Bryce 7.1 (HKLM\...\Bryce 7.1 7.1.0.74) (Version: 7.1.0.74 - DAZ 3D)
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
CamBam plus 0.9.8 (HKLM\...\{1512CC8C-3392-4496-B883-DD37FB246586}) (Version: 0.9.9006 - HexRay Ltd)
Carrara  8.5 (HKLM\...\Carrara  8.5 8.5.0.243) (Version: 8.5.0.243 - DAZ 3D)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Premium Fonts (Version: 1.00.0000 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CR2 Converter (HKLM\...\{775F32A5-7BA0-4717-89D0-32B3EC25B2C9}_is1) (Version:  - cr2converter.com)
Cut3D 1.025 (HKLM\...\Cut3D) (Version: 1.025 - Vectric Limited)
DAZ Content Management Service (HKLM\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM\...\DAZ Install Manager 1.0.1.108) (Version: 1.0.1.108 - DAZ 3D)
DAZ Studio 4.5 (HKLM\...\DAZ Studio 4.5 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623k) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Estlcam (HKLM\...\Estlcam) (Version:  - )
FileZilla Client 3.10.1 (HKLM\...\FileZilla Client) (Version: 3.10.1 - Tim Kosse)
Firebird 2.1.3 (HKLM\...\Lokaler Firebird-Server_is1) (Version:  - )
Firefly (HKLM\...\{E4B24A8D-49F7-4247-98A6-CE48C6EB8B40}) (Version: 1.0.68 - Andrew Payne)
Flip 3.4.7 (HKLM\...\flip.exe) (Version: 3.4.7 - Atmel)
Foscam Web Components Test 2.0.0.99 (HKLM\...\{7E8ADAF8-7E63-4E11-88BF-9E0E7513D7A5}_is1) (Version: 2.0.0.99 - FOSCAM)
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{100A46D7-2CA2-4E8A-9D2F-A5D9E66AB228}) (Version: 7.5.1190 - Microsoft Corporation)
IP Camera Viewer 2 (HKLM\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
IPCWebComponents 3.0.0.1 (HKLM\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lewetz Real-time Driver (HKLM\...\Lewetz Real-time Driver) (Version:  - )
Lotus Organizer 6.0 (HKLM\...\Organizer V99.1) (Version:  - )
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
MeshLab 1.3.3 (HKLM\...\MeshLab) (Version: 1.3.3 - Paolo Cignoni, Guido Ranzuglia VCG - ISTI - CNR)
Meshmixer (HKLM\...\Meshmixer_x86) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myPrintMileage (Officejet Pro 8000 A809) (HKLM\...\{366584A4-1D35-49B2-97B3-C803DDFCC543}) (Version: 1.00.0000 - Hewlett-Packard)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
netfabb Basic (HKLM\...\netfabb_51) (Version:  - netfabb GmbH)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Opera 12.12 (HKLM\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.0.260.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PRGrep (HKLM\...\PRGrep) (Version:  - )
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Punch! Shark FX v7 (HKLM\...\Punch! Shark FX v7) (Version:  - Punch Software, LLC)
Punch! Shark FX v7 SP1 (HKLM\...\Punch! Shark FX v7 SP1) (Version:  - Punch Software, LLC)
Python 2.7.6 (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4.0 (HKLM\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Repetier-Host Version 1.0.6 (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 1.0.6 - repetier)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Rhinoceros 5 (HKLM\...\{697E9620-BEFE-4F0A-866F-743E78ED9840}) (Version: 5.10.41201.11145 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM\...\{C16F10E2-C495-4A90-9397-D16FB3AA2D38}) (Version: 5.6.31022.17415 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (de-DE) (HKLM\...\{166FB860-0D9A-4B63-934D-EBEFDB4F99FD}) (Version: 5.6.31022.17415 - Robert McNeel & Associates)
Security Task Manager 2.0d (HKLM\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Serif WebPlus X7 (HKLM\...\{8DAD16D4-733D-4F62-8A36-0B0FB2F72084}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Softwarenetz Kassenbuch6 (HKLM\...\Kassenbuch6) (Version:  - Softwarenetz)
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sony PC Companion 2.10.245 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
TFD128 (HKLM\...\TFD128) (Version: 1.01 - ELV Elektronik AG)
TFD128 (Version: 1.01 - ELV Elektronik AG) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vectric Shell Extensions 1.2 (HKLM\...\VectricThumbnailShellExt) (Version:  - Vectric)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
WebPlus Content: Home Improvement & Services Collection 2 (HKLM\...\{E4168A35-5F5F-4FB3-A91C-0327FDA1C622}) (Version: 1.2.0.027 - Serif (Europe) Ltd)
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinAVR 20100110 (remove only) (HKLM\...\WinAVR-20100110) (Version: 20100110 - )
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino Boards (01/01/2013 1.0.0.0) (HKLM\...\27F112693ABDF0F56F902294F4BF6B9EE3B8C6D0) (Version: 01/01/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WOW Slider (HKLM\...\WOW Slider_is1) (Version:  - )
ZW3D 2012  (Version: 3.2.12.1018 - ZWCAD Software Co.,Ltd) Hidden
ZW3D 2012 Eng (HKLM\...\{F5E849B9-17EB-4c12-9B48-D18227426E43}) (Version: 3.2.12.1018 - ZWCAD Software Co.,Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{02629f4c-5f38-5c7d-8484-6a0ddcc77346}\InprocServer32 -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D CNC Utility321.0.33\npAutodesk123DCNC32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{21D93913-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\berni\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{59245250-7A2F-11D0-9482-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msbind.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\System32\WISOFGRD.OCX (Microsoft)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{642AC766-AAB4-11D0-8494-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{78E93847-85FD-11D0-8487-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{a81fca08-3174-5e87-a5b2-b1ce197b9def}\InprocServer32 -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.97\npAutodesk123DShapes32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{BBE548D2-26F3-5890-AB5A-7D2B05E689AB}\InprocServer32 -> C:\Users\berni\AppData\Roaming\Autodesk\Autodesk123D32\1.0.5\npAutodesk123D32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\System32\WISOCDLG.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

15-02-2015 15:44:31 Revo Uninstaller Pro's restore point - Recuva
15-02-2015 15:45:25 Revo Uninstaller Pro's restore point - Google Chrome
15-02-2015 15:53:30 Revo Uninstaller Pro's restore point - Fine Woodworking Archive 2011
15-02-2015 15:56:14 Removed Fine Woodworking Archive 2011
15-02-2015 19:00:15 Windows-Sicherung
15-02-2015 23:10:06 Revo Uninstaller Pro's restore point - Moment of Inspiration 3.0 trial
15-02-2015 23:17:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05E1719B-5D25-49F4-BA41-43395A193EDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {12553AFF-8F72-4D66-95D2-49FCFA97489F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {12EAB35A-9DF9-49FE-B2D0-B8F58EC63A19} - System32\Tasks\{49969818-84B0-4C7E-A79C-77E81596DD42} => Firefox.exe 
Task: {172122A8-2744-4297-806B-F4B6C27EF667} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1E37A730-B6EE-4E62-A674-3CE779777FD6} - System32\Tasks\{245388A0-3C67-4A5F-91A0-BC41A2F4E602} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {37694151-03C6-4F6E-BE48-841A3CDAED55} - System32\Tasks\{9C739D16-D16C-48E6-A463-C15702619639} => pcalua.exe -a F:\Install\setup.exe -d F:\Install
Task: {3E17172E-BE4E-4673-806D-683A641FB3E2} - System32\Tasks\{006A7BC6-2600-4DDA-A83C-1F4E9B9EC3D1} => pcalua.exe -a C:\WORKNC98\exe\msw\setup.exe -d C:\WORKNC98\exe\msw
Task: {42C825CB-CADB-49D0-B1DB-3497DEA0D470} - System32\Tasks\{099029B4-04E6-4A1D-A902-C555BBCA99B7} => pcalua.exe -a F:\start.exe -d F:\
Task: {5445DAA5-21BE-436F-8CB3-5DD1C6EAA1AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {5ECA8259-D7D0-4510-851B-59274F5C953F} - System32\Tasks\CIUZJIT => C:\Users\berni\AppData\Roaming\CIUZJIT.exe <==== ATTENTION
Task: {5FF075F4-EEBE-4EA0-9293-375C2FA4E626} - System32\Tasks\{6743562F-CF73-4546-9C4C-61CFB2677AB0} => pcalua.exe -a D:\daten-privat\bilder-projekte-texte\3d-print\eigener-drucker-bauplaene\RRD_RUMBA_TAURINO_DriverSetup.exe -d D:\daten-privat\bilder-projekte-texte\3d-print\eigener-drucker-bauplaene
Task: {67A92368-986C-4E9A-BACA-B43C993CAF2E} - System32\Tasks\{55BAB9F0-3CD7-40E1-952B-1607723A9AB0} => pcalua.exe -a D:\daten-privat\bilder-projekte\VBA64-KB822150-X86-DEU.exe -d D:\daten-privat\bilder-projekte
Task: {740E1B44-534C-4AAC-A29B-5CB9B428FB21} - System32\Tasks\{C4495108-F060-46ED-9999-4273B867EB8E} => pcalua.exe -a C:\Users\berni\Downloads\VisualCAD-V64-MILL-V91-2012-32Bit-23102012-DEU-DEA-DES.exe -d C:\Users\berni\Downloads
Task: {75241E65-F5E4-4D64-938D-10C8FC54C522} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {76272DF1-8125-436F-A1D0-BF2FDFD2395A} - System32\Tasks\{31E79945-072D-4002-A5DD-FE79EE3E21BB} => pcalua.exe -a "C:\Users\berni\Documents\downloads\complete\Daz3d-Poser-Michael-5-Pro-Bundle.rar\Daz3d Poser Michael 5 Pro Bundle.exe" -d C:\Users\berni\Documents\downloads\complete\Daz3d-Poser-Michael-5-Pro-Bundle.rar
Task: {767187DF-5F7B-4604-8DA2-9B21507D7B1D} - System32\Tasks\{C2D14B9F-3C3C-43CE-83D9-B543954604CC} => Firefox.exe 
Task: {81B01D87-587D-4257-8670-8A8142FA76C0} - System32\Tasks\OLHS => C:\Users\berni\AppData\Roaming\OLHS.exe <==== ATTENTION
Task: {919867C3-F88C-40D1-8344-349253A3A947} - System32\Tasks\{05DBE462-58AF-4B9C-ABA6-629D61E6A34A} => pcalua.exe -a F:\Driver\Setup_Afterburner.exe -d F:\Driver
Task: {C0D8C52A-7B72-4B2F-A7C7-AFB967DBADF2} - System32\Tasks\{7E15388F-5D63-4EB1-B31B-7AB7C87BE947} => pcalua.exe -a "C:\Program Files\WISE Software Solutions\VisualCAM 16.1\Program\VisualCAM.exe" -d "C:\Program Files\WISE Software Solutions\VisualCAM 16.1\Program\"
Task: {EE65E70E-9F51-409A-B0D3-8E105C297482} - System32\Tasks\{4BE8A077-F0F9-488A-9DF0-6B646DDB1668} => pcalua.exe -a C:\Windows\system32\GKSUI20.EXE -c C:\WinPC-NC Economy Demo\UninstallF72F.DAT

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIUZJIT.job => C:\Users\berni\AppData\Roaming\CIUZJIT.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OLHS.job => C:\Users\berni\AppData\Roaming\OLHS.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-31 14:53 - 2015-01-31 14:53 - 00039200 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2012-04-15 14:21 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-29 15:51 - 2009-02-27 15:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-11-29 15:51 - 2009-02-27 15:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2015-01-16 19:17 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2015-01-16 19:17 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2015-01-16 19:17 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2015-01-16 19:17 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-11-21 12:31 - 2014-11-21 12:31 - 00663040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2015-01-16 19:17 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-01-01 13:05 - 2011-05-05 21:36 - 00018432 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-01-01 13:05 - 2011-05-05 21:36 - 01221120 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00791040 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x86.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00838656 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00129536 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp.dll
2014-11-20 21:22 - 2014-11-20 21:22 - 00095744 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-17 18:21 - 2015-01-17 18:21 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 09:29 - 2015-02-05 09:29 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2660644256-920559868-219131753-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\berni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^berni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OPTISetup.lnk => C:\Windows\pss\OPTISetup.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-2660644256-920559868-219131753-500 - Administrator - Disabled)
berni (S-1-5-21-2660644256-920559868-219131753-1000 - Administrator - Enabled) => C:\Users\berni
Gast (S-1-5-21-2660644256-920559868-219131753-501 - Limited - Enabled)
openpgsvc (S-1-5-21-2660644256-920559868-219131753-1005 - Limited - Enabled) => C:\Users\openpgsvc

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 11:10:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {72e42700-abb8-4a71-9fc2-651cc6efbedc}

Error: (02/15/2015 09:12:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 09:11:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 09:11:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 09:10:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 08:56:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 08:55:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 08:54:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 08:51:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/15/2015 04:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1640
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (02/16/2015 11:00:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/16/2015 11:00:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
luafv
SBRE

Error: (02/16/2015 10:59:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (02/16/2015 09:28:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/16/2015 09:28:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
luafv
SBRE

Error: (02/16/2015 09:28:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (02/16/2015 09:23:17 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/16/2015 09:22:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
luafv
SBRE

Error: (02/16/2015 09:22:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (02/16/2015 01:14:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:10:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {72e42700-abb8-4a71-9fc2-651cc6efbedc}

Error: (02/15/2015 09:12:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/15/2015 09:11:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Arduino\drivers\dpinst-amd64.exe

Error: (02/15/2015 09:11:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe

Error: (02/15/2015 09:10:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe

Error: (02/15/2015 08:56:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/15/2015 08:55:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Arduino\drivers\dpinst-amd64.exe

Error: (02/15/2015 08:54:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe

Error: (02/15/2015 08:51:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\microsoft visual studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe

Error: (02/15/2015 04:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425164001d049323697c9b7C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllfacbbb5a-b525-11e4-983c-485b39523f2e


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 925 Processor
Percentage of memory in use: 38%
Total physical RAM: 3327.11 MB
Available physical RAM: 2052.68 MB
Total Pagefile: 6652.52 MB
Available Pagefile: 5196.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.52 MB

==================== Drives ================================

Drive c: (papas-system) (Fixed) (Total:931.51 GB) (Free:855.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (papas-daten) (Fixed) (Total:931.51 GB) (Free:713.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EE5BEE5B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EE5BEE5C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 16.02.2015, 13:09

Ist das ein gewerblich gentuztes System? Wenn ja, bitte lesen => http://www.trojaner-board.de/108422-...-anfragen.html

bernizde · 16.02.2015, 13:44

Nein, das ist kein gewerblich genutztes System.
Allerdings habe ich in meiner Zeit als Designer und Dozent professionelle Software zu schätzen gelernt und benutze sie auch für alles, was mich interessiert und was hier in Haus und Hof zu erledigen ist. :-)

cosinus · 16.02.2015, 13:51

Ok, sah aber so aus nach Büro-PC mit der Software-Ausstattung...

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bernizde · 16.02.2015, 15:56

Ok - kein Problem.

Dann geht es jetzt los...

... ich habe gerade Microsoft Security Essentials (MSE) in der Systemsteuerung deaktiviert.
Das Entpacken von Combofix lief glatt durch.
Allerdings meckert Combofix jetzt dass das obige Programm noch aktiv ist.
Hilft hier vielleicht ein Neustart des Rechners mit ausgeschaltetem MSE?

So - nun ist Combofix ohne Stocken durch und hat folgendes Logfile erzeugt:

Code:

ATTFilter

ComboFix 15-02-16.01 - berni 16.02.2015  15:19:25.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.1841 [GMT 1:00]
ausgeführt von:: c:\users\berni\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\3D3
c:\programdata\3D3\mm.db
c:\programdata\3D3\thumbnail.db
c:\programdata\ntuser.pol
c:\users\berni\AppData\Local\pcc.exe
c:\users\berni\AppData\Roaming\Melt.bat
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\AdobePDF.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HostService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-16 bis 2015-02-16  ))))))))))))))))))))))))))))))
.
.
2015-02-16 14:26 . 2015-02-16 14:28	--------	d-----w-	c:\users\berni\AppData\Local\temp
2015-02-16 14:26 . 2015-02-16 14:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-16 13:35 . 2015-02-16 13:35	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A813D9-647C-46EA-AD87-5934887B3DFE}\MpKsl9b4b30ca.sys
2015-02-16 11:03 . 2015-02-16 11:05	--------	d-----w-	C:\FRST
2015-02-16 09:47 . 2015-02-16 09:48	--------	d-----w-	c:\programdata\SecTaskMan
2015-02-16 09:47 . 2015-02-16 09:47	--------	d-----w-	c:\users\berni\AppData\Local\SecTaskMan
2015-02-16 09:20 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A813D9-647C-46EA-AD87-5934887B3DFE}\mpengine.dll
2015-02-15 22:17 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-15 15:01 . 2015-02-15 15:01	--------	d-----w-	c:\program files\ESET
2015-02-12 14:32 . 2015-01-23 03:43	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-12 14:32 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\system32\jscript9.dll
2015-02-11 13:04 . 2015-02-11 13:04	--------	d-----w-	c:\users\berni\AppData\Local\Programs
2015-02-11 12:37 . 2015-02-11 12:37	--------	d-----w-	C:\perflogs
2015-02-11 10:01 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-02-11 10:00 . 2015-01-12 02:05	64000	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-11 10:00 . 2015-01-12 01:22	1155072	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-11 10:00 . 2015-01-12 01:36	817664	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-02-11 10:00 . 2015-01-12 02:16	10948096	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2015-02-11 10:00 . 2015-01-12 02:08	503296	----a-w-	c:\windows\system32\vbscript.dll
2015-02-11 10:00 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-02-11 10:00 . 2014-07-07 01:40	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-02-11 10:00 . 2014-07-07 01:40	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-11 10:00 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-02-11 09:59 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-11 09:23 . 2014-09-17 07:39	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D6CE941-8F7E-4D94-9259-DA0835EE8BE8}\gapaengine.dll
2015-02-10 21:38 . 2015-02-10 21:38	--------	d-----w-	c:\program files\Security Task Manager
2015-02-10 17:32 . 2015-02-15 19:18	--------	d-----w-	c:\programdata\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}
2015-02-10 15:11 . 2015-02-10 15:11	--------	d-----w-	c:\users\berni\AppData\Local\Wondershare
2015-02-10 15:11 . 2015-02-10 15:11	--------	d-----w-	c:\program files\Common Files\Wondershare
2015-02-06 17:02 . 2006-05-29 00:00	16384	----a-w-	c:\windows\system32\avmprmon.dll
2015-02-06 14:05 . 2006-12-14 11:42	69120	----a-r-	c:\windows\system32\avmadd32.dll
2015-02-06 14:05 . 2015-02-06 14:05	--------	d-----w-	c:\program files\FRITZ!Box
2015-02-03 16:50 . 2015-01-24 17:13	7451478	----a-w-	c:\program files\jes.exe
2015-02-03 16:19 . 2015-01-23 11:38	181976	----a-w-	c:\windows\snui.exe
2015-02-03 16:19 . 2005-05-01 07:00	200704	----a-w-	c:\windows\system32\SELF32.DLL
2015-02-03 16:19 . 2015-02-03 16:19	--------	d-----w-	C:\Softwarenetz
2015-02-03 01:33 . 2015-02-03 01:40	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2015-01-22 16:54 . 2015-01-22 16:58	--------	d-----w-	c:\users\berni\AppData\Local\elfopatch
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:29 . 2012-04-12 13:24	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 08:29 . 2012-04-12 13:24	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-12-31 11:13 . 2012-04-12 11:58	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-19 02:43 . 2015-01-14 09:00	164864	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 09:00	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 09:00	46592	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-06 03:50 . 2015-01-14 09:00	242688	----a-w-	c:\windows\system32\nlasvc.dll
2014-12-02 12:39 . 2014-12-02 12:39	15369544	----a-r-	c:\users\berni\AppData\Roaming\Microsoft\Installer\{413A0A2B-D154-4457-833F-3299DB3183FF}\PhotoSceneEditor.exe
2014-11-21 02:44 . 2014-11-21 02:44	118096	----a-w-	c:\windows\system32\amdhcp32.dll
2014-11-21 02:44 . 2014-11-21 02:44	71704	----a-w-	c:\windows\system32\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44	71704	----a-w-	c:\windows\system32\amdpcom32.dll
2014-11-21 02:44 . 2013-08-30 08:00	126848	----a-w-	c:\windows\system32\atiuxpag.dll
2014-11-21 02:44 . 2014-11-21 02:44	100032	----a-w-	c:\windows\system32\atiu9pag.dll
2014-11-21 02:44 . 2013-08-30 08:00	1127496	----a-w-	c:\windows\system32\aticfx32.dll
2014-11-21 02:44 . 2013-08-30 07:59	9401480	----a-w-	c:\windows\system32\atidxx32.dll
2014-11-21 02:43 . 2014-11-21 02:43	7558816	----a-w-	c:\windows\system32\atiumdva.dll
2014-11-21 02:43 . 2014-11-21 02:43	7077776	----a-w-	c:\windows\system32\atiumdag.dll
2014-11-21 02:41 . 2014-11-21 02:41	265416	----a-w-	c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:38 . 2014-11-21 02:38	16955392	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33	203776	----a-w-	c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33	83456	----a-w-	c:\windows\system32\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33	73216	----a-w-	c:\windows\system32\OVDecode.dll
2014-11-21 02:32 . 2014-11-21 02:32	40987136	----a-w-	c:\windows\system32\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31	58880	----a-w-	c:\windows\system32\OpenCL.dll
2014-11-21 02:19 . 2014-11-21 02:19	23621632	----a-w-	c:\windows\system32\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19	38912	----a-w-	c:\windows\system32\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18	113664	----a-w-	c:\windows\system32\mantle32.dll
2014-11-21 02:17 . 2014-11-21 02:17	367104	----a-w-	c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17	52224	----a-w-	c:\windows\system32\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16	49152	----a-w-	c:\windows\system32\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16	14302208	----a-w-	c:\windows\system32\aticaldd.dll
2014-11-21 02:15 . 2014-11-21 02:15	4590592	----a-w-	c:\windows\system32\amdmantle32.dll
2014-11-21 02:13 . 2014-11-21 02:13	85504	----a-w-	c:\windows\system32\mantleaxl32.dll
2014-11-21 02:12 . 2014-11-21 02:12	442368	----a-w-	c:\windows\system32\atidemgy.dll
2014-11-21 02:12 . 2014-11-21 02:12	30720	----a-w-	c:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-11-21 02:12	626688	----a-w-	c:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-11-21 02:12	212992	----a-w-	c:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-11-21 02:12	164352	----a-w-	c:\windows\system32\atitmmxx.dll
2014-11-21 02:10 . 2014-11-21 02:10	651264	----a-w-	c:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-11-21 02:09	90112	----a-w-	c:\windows\system32\amdave32.dll
2014-11-21 02:09 . 2014-11-21 02:09	80896	----a-w-	c:\windows\system32\atisamu32.dll
2014-11-21 02:09 . 2014-11-21 02:09	903168	----a-w-	c:\windows\system32\atiadlxx.dll
2014-11-21 02:09 . 2014-11-21 02:09	69632	----a-w-	c:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-11-21 02:08	133632	----a-w-	c:\windows\system32\atigktxx.dll
2014-11-21 02:08 . 2014-11-21 02:08	43520	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2014-11-21 02:08 . 2014-11-21 02:08	472576	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2014-11-20 20:35 . 2014-11-20 20:35	38912	----a-w-	c:\windows\system32\kdbsdk32.dll
2014-11-19 03:31 . 2014-11-19 03:31	1217192	----a-w-	c:\windows\system32\FM20.DLL
2014-04-15 11:58 . 2014-04-16 22:23	667136	----a-w-	c:\program files\processing.exe
2014-04-15 11:58 . 2014-04-16 22:23	23040	----a-w-	c:\program files\processing-java.exe
2011-03-04 11:30 . 2015-01-17 17:21	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-11-27 466144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"StartCCC"="c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-11-20 748232]
.
c:\users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe /LDE [1999-9-15 229432]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^berni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OPTISetup.lnk]
path=c:\users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk
backup=c:\windows\pss\OPTISetup.lnk.Startup
backupExtension=.Startup
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 8df1bcd0;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 McNeelUpdate;McNeel Update Service 5.0;c:\program files\McNeelUpdate\5.0\McNeelUpdateService.exe [2014-12-01 67944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-07-26 35392]
R3 MSICDSetup;MSICDSetup;F:\CDriver.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-23 1343400]
S1 Kithara-Lewetz;Lewetz Real-time Driver;c:\windows\system32\Lewetz.sys [2010-01-15 302912]
S1 MpKsl9b4b30ca;MpKsl9b4b30ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A813D9-647C-46EA-AD87-5934887B3DFE}\MpKsl9b4b30ca.sys [2015-02-16 39464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2014-11-20 276992]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 FirebirdGuardianMondoLocal21;Firebird Guardian - MondoLocal21;c:\program files\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe [2010-05-19 81920]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 FirebirdServerMondoLocal21;Firebird Server - MondoLocal21;c:\program files\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe [2010-05-19 2736128]
S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [2011-04-11 109344]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:29]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 22:05]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 22:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\berni\AppData\Local\Temp\ie_script_fwde.htm
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: !HIDDEN! 2012-05-10 21:58; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{269D0B18-45D0-46D0-A644-2D60D928BC7F} - c:\users\berni\AppData\LocalLow\INTERN~1\bho.dll
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-ADF446DD2B8BFA6DF3442CE2A3577885A8E289DE._service_run - c:\users\berni\AppData\Local\Google\Chrome\Application\chrome.exe
HKCU-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-IATSKY - c:\program files\TFD128\iatsky.exe
AddRemove-Adobe PageMaker 6.5 - c:\windows\unin0407.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-IP Camera Viewer_is1 - c:\program files\Deskshare\IP Camera Viewer 2\unins000.exe
AddRemove-TFD128 - c:\programdata\{39CC6573-EA39-4F26-BB6D-930E0B0E969B}\Setup_TFD128.exe
AddRemove-WOW Slider_is1 - d:\daten-privat\999-internet\0-programme\wordpress-plugins\WOW Slider\unins000.exe
AddRemove-{7E8ADAF8-7E63-4E11-88BF-9E0E7513D7A5}_is1 - c:\program files\Foscam Web Components Test\unins000.exe
AddRemove-{E16CB166-3E84-484C-8F86-2634B42B5C6E} - c:\programdata\{39CC6573-EA39-4F26-BB6D-930E0B0E969B}\Setup_TFD128.exe
AddRemove-UnityWebPlayer - c:\users\berni\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\FileZilla FTP Client\libstdc++-6.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\lotus\organize\easyclip6.exe
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files\AMD\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-16  15:34:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-16 14:34
.
Vor Suchlauf: 15 Verzeichnis(se), 920.265.351.168 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 919.465.484.288 Bytes frei
.
- - End Of File - - E1716EE3DFC91DE110B6469C42C80A51
A36C5E4F47E84449FF07ED3517B43A31

:-)

cosinus · 16.02.2015, 16:01

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

bernizde · 16.02.2015, 16:46

Nun der Reihe nach die Logfiles:

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 16/02/2015 um 16:13:12
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : berni - PAPAS
# Gestarted von : C:\Users\berni\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\berni\AppData\Local\SecTaskMan

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0 (x86 de)


*************************

AdwCleaner[R13].txt - [891 Bytes] - [16/02/2015 16:10:16]
AdwCleaner[S11].txt - [813 Bytes] - [16/02/2015 16:13:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [872  Bytes] ##########

Nun JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by berni on 16.02.2015 at 16:19:49,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\berni\AppData\Roaming\mozilla\firefox\profiles\vl8zykb3.default-1381137676863\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ild");
user_pref("browser.search.searchengine.uid", "WDCXWD10EADS-00M2B0_WD-WCAV5C38346383463");
user_pref("extensions.aLPESNIOB27154074RO39491085com63317.63317.cookie.testingGaq.value", "%22hxxps%3A//extclickmedia-maynemyltf.netdna-ssl.com/Extensions/analytics.php%3Facc%
Emptied folder: C:\Users\berni\AppData\Roaming\mozilla\firefox\profiles\vl8zykb3.default-1381137676863\minidumps [59 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2015 at 16:21:26,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Von FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by berni (administrator) on PAPAS on 16-02-2015 16:25:02
Running from C:\Users\berni\Desktop
Loaded Profiles: berni (Available profiles: berni & openpgsvc)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Lotus Development Corporation) C:\lotus\organize\easyclip6.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Firebird Project) C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe
(Robert McNeel & Associates) C:\Program Files\McNeelUpdate\5.0\McNeelUpdateService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Firebird Project) C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2660644256-920559868-219131753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2660644256-920559868-219131753-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IEHlprObj Class -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> c:\lotus\organize\iehelper.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2660644256-920559868-219131753-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components Test\npIPcam.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @IPCWebComponents -> C:\Program Files\IPCWebComponents\npIPCReg.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\berni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123D -> C:\Users\berni\AppData\Roaming\Autodesk\Autodesk123D32\1.0.5\npAutodesk123D32.dll (Autodesk)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123DCNC -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D CNC Utility321.0.33\npAutodesk123DCNC32.dll (Autodesk)
FF Plugin HKU\S-1-5-21-2660644256-920559868-219131753-1000: autodesk.com/Autodesk123DShapes -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.97\npAutodesk123DShapes32.dll (Autodesk)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Pin It Button - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-11]
FF Extension: Pin It button - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\pinterest@robertnyman.com.xpi [2014-01-11]
FF Extension: {4c52d14f-1bf9-44bc-b739-905ebf974998} - C:\Users\berni\AppData\Roaming\Mozilla\Firefox\Profiles\vl8zykb3.default-1381137676863\Extensions\{4c52d14f-1bf9-44bc-b739-905ebf974998}.xpi [2014-09-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-10]
FF HKU\S-1-5-21-2660644256-920559868-219131753-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - firefox.exe

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423589408&from=ild&uid=WDCXWD10EADS-00M2B0_WD-WCAV5C38346383463

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] () [File not signed]
R2 FirebirdGuardianMondoLocal21; C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbguard.exe [81920 2010-05-19] (Firebird Project) [File not signed]
R3 FirebirdServerMondoLocal21; C:\Program Files\Common Files\Mondo Media\FirebirdLocal21\bin\fbserver.exe [2736128 2010-05-19] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045328 2012-10-27] (Flexera Software, Inc.)
R2 McNeelUpdate; C:\Program Files\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2014-12-01] (Robert McNeel & Associates)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 8df1bcd0; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.38\OptProMon.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-10-01] (FTDI Ltd.)
R1 Kithara-Lewetz; C:\Windows\System32\Lewetz.sys [302912 2010-01-15] (Kithara Software GmbH) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35392 2012-07-26] (hxxp://libusb-win32.sourceforge.net)
R3 Mach3; C:\Windows\System32\Drivers\Mach3.sys [109344 2011-04-11] (Your Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
S3 catchme; \??\C:\Users\berni\AppData\Local\Temp\catchme.sys [X]
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 16:25 - 2015-02-16 16:25 - 00018267 _____ () C:\Users\berni\Desktop\FRST.txt
2015-02-16 16:22 - 2015-02-16 16:22 - 00001322 _____ () C:\Users\berni\Desktop\JRT[neu-01].txt
2015-02-16 16:18 - 2015-02-16 16:18 - 01388274 _____ (Thisisu) C:\Users\berni\Desktop\JRT.exe
2015-02-16 16:16 - 2015-02-16 16:16 - 00000952 _____ () C:\Users\berni\Desktop\AdwCleaner[neu-01].txt
2015-02-16 16:10 - 2015-02-16 16:13 - 00000000 ____D () C:\AdwCleaner
2015-02-16 16:08 - 2015-02-16 16:08 - 02112512 _____ () C:\Users\berni\Desktop\AdwCleaner_4.110.exe
2015-02-16 15:34 - 2015-02-16 15:34 - 00020831 _____ () C:\ComboFix.txt
2015-02-16 15:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-16 15:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-16 15:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-16 15:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-16 15:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-16 15:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-16 15:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-16 15:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-16 14:35 - 2015-02-16 15:35 - 00000000 ____D () C:\Qoobox
2015-02-16 14:35 - 2015-02-16 15:34 - 00000000 ____D () C:\Windows\erdnt
2015-02-16 14:23 - 2015-02-16 14:24 - 05611903 ____R (Swearware) C:\Users\berni\Desktop\ComboFix.exe
2015-02-16 12:03 - 2015-02-16 16:25 - 00000000 ____D () C:\FRST
2015-02-16 12:00 - 2015-02-16 12:00 - 01125888 _____ (Farbar) C:\Users\berni\Desktop\FRST.exe
2015-02-15 16:13 - 2015-02-15 16:13 - 00448512 _____ (OldTimer Tools) C:\Users\berni\Desktop\TFC.exe
2015-02-15 16:01 - 2015-02-15 16:01 - 00000000 ____D () C:\Program Files\ESET
2015-02-12 15:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 15:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 12:12 - 2015-02-11 12:12 - 00195371 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.23_11.02.15_1212.export
2015-02-11 11:02 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:02 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:02 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:02 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:02 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:02 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:02 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:02 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:02 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:02 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:02 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:02 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:02 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:01 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:01 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:01 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:01 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:01 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 11:01 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:01 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:01 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:01 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:01 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:01 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:01 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:01 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:01 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:01 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:01 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:01 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:01 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:01 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:01 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:01 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:01 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:01 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:01 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 11:01 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 11:00 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:00 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:00 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:00 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:00 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:00 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:00 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 11:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:00 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 11:00 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 10:59 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 22:38 - 2015-02-10 22:38 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-02-10 22:38 - 2015-02-10 22:38 - 00001149 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-02-10 22:38 - 2015-02-10 22:38 - 00000000 ____D () C:\Program Files\Security Task Manager
2015-02-10 22:09 - 2015-02-10 22:09 - 00000000 ____D () C:\Windows\pss
2015-02-10 18:32 - 2015-02-15 20:18 - 00000000 ____D () C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Users\berni\Documents\My Data Files
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Users\berni\AppData\Local\Wondershare
2015-02-10 16:11 - 2015-02-10 16:11 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2015-02-09 13:28 - 2015-02-09 13:28 - 02125667 _____ () C:\Users\berni\Downloads\Extruder_Base.stl
2015-02-09 13:28 - 2015-02-09 13:28 - 00768539 _____ () C:\Users\berni\Downloads\Extruder_Arm-rotated.stl
2015-02-08 23:41 - 2015-02-08 23:41 - 00530863 _____ () C:\Users\berni\Downloads\8BitHeart.stl
2015-02-08 23:18 - 2015-02-08 23:18 - 03794984 _____ () C:\Users\berni\Downloads\heartbox.stl
2015-02-07 15:15 - 2015-02-07 15:15 - 00200770 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.23_07.02.15_1515.export
2015-02-06 20:18 - 2015-02-06 20:18 - 00000567 _____ () C:\Users\berni\Downloads\FRITZ!Box_7490_113.06.23_06.02.2015_20_18-diagnose.csv
2015-02-06 18:02 - 2015-02-06 18:03 - 00000000 ____D () C:\Program Files\FRITZ!BoxPrint
2015-02-06 18:02 - 2006-05-29 01:00 - 00016384 _____ (AVM Berlin GmbH) C:\Windows\system32\avmprmon.dll
2015-02-06 17:56 - 2015-02-06 17:56 - 00000963 _____ () C:\Users\berni\Desktop\familiez-fritzbox.lnk
2015-02-06 17:30 - 2015-02-06 17:30 - 00191301 _____ () C:\Users\berni\Downloads\FRITZ.Box 7490 113.06.20_06.02.15_1730.export
2015-02-06 16:49 - 2015-02-06 16:49 - 00000796 _____ () C:\Users\berni\Downloads\FRITZ!Box_7490_113.06.20_06.02.2015_16_50-diagnose.csv
2015-02-06 15:05 - 2015-02-06 18:03 - 00002465 _____ () C:\Windows\avmadd32.log
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\Program Files\FRITZ!Box
2015-02-06 15:05 - 2006-12-14 12:42 - 00069120 ____R (AVM Berlin) C:\Windows\system32\avmadd32.dll
2015-02-05 14:34 - 2015-02-05 14:35 - 01542084 _____ () C:\Users\berni\Downloads\dust_filter.STL
2015-02-04 19:32 - 2015-02-04 19:32 - 00424102 _____ () C:\Users\berni\Downloads\compact_direct_drive_extruder_base.stl
2015-02-04 19:30 - 2015-02-04 19:30 - 00163579 _____ () C:\Users\berni\Downloads\compact_direct_drive_extruder_idler.stl
2015-02-04 19:15 - 2015-02-04 19:15 - 01319284 _____ () C:\Users\berni\Downloads\dolphin_dad.stl
2015-02-04 12:54 - 2015-02-04 14:55 - 00013030 _____ () C:\PDOXUSRS.NET
2015-02-04 12:06 - 2004-11-07 17:35 - 00837392 _____ (MindFusion Limited) C:\Windows\system32\WISOFLCH.DLL
2015-02-04 12:06 - 2004-03-15 15:28 - 00607432 _____ (Software FX, Inc.) C:\Windows\system32\WISOCHFX.OCX
2015-02-04 12:06 - 2004-03-09 01:00 - 00124688 _____ (Microsoft Corporation) C:\Windows\system32\WISOWINS.OCX
2015-02-04 12:06 - 2003-10-30 17:48 - 00134144 _____ (Software FX, Inc.) C:\Windows\system32\SFXBAR.DLL
2015-02-04 12:06 - 2003-10-17 11:15 - 00229376 _____ (ComponentOne ) C:\Windows\system32\WISOPDF.OCX
2015-02-04 12:06 - 2003-10-17 11:12 - 00417792 _____ (ComponentOne) C:\Windows\system32\WISOPRNT.OCX
2015-02-04 12:06 - 2003-02-27 15:33 - 00067584 _____ (Software FX, Inc.) C:\Windows\system32\CFX4DATA.DLL
2015-02-04 12:06 - 2001-08-23 00:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\MSVBVM50.dll
2015-02-04 12:06 - 2000-04-25 22:40 - 00204296 _____ (Microsoft Corporation) C:\Windows\system32\WISORCHT.OCX
2015-02-04 12:06 - 1998-06-24 01:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\WISOCDLG.OCX
2015-02-04 12:06 - 1998-05-22 01:00 - 01059336 _____ (Microsoft Corporation) C:\Windows\system32\WISOCCTL.OCX
2015-02-04 12:06 - 1997-01-16 01:00 - 00958224 _____ (Microsoft Corporation) C:\Windows\system32\WISOCHAR.OCX
2015-02-04 12:06 - 1997-01-16 00:00 - 00200976 _____ (Microsoft) C:\Windows\system32\WISOFGRD.OCX
2015-02-04 12:06 - 1997-01-13 13:26 - 00045840 _____ (Microsoft Corporation) C:\Windows\system32\Msjint35.dll
2015-02-04 12:06 - 1996-12-21 03:15 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\Msjet35.dll
2015-02-04 12:06 - 1996-12-05 05:17 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Odbctl32.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00403216 _____ (Microsoft Corporation) C:\Windows\system32\Msrepl35.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00251664 _____ (Microsoft Corporation) C:\Windows\system32\Msrd2x35.dll
2015-02-04 12:06 - 1996-12-05 05:15 - 00024336 _____ (Microsoft Corporation) C:\Windows\system32\Msjter35.dll
2015-02-04 12:06 - 1996-01-12 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\system32\WISOTHRE.OCX
2015-02-04 12:06 - 1996-01-12 01:00 - 00052736 _____ (Outrider Systems, Inc.) C:\Windows\system32\WISOSPIN.OCX
2015-02-03 17:50 - 2015-01-24 18:13 - 07451478 _____ () C:\Program Files\jes.exe
2015-02-03 17:19 - 2015-02-03 17:19 - 00001729 _____ () C:\Users\berni\Desktop\Kassenbuch6.lnk
2015-02-03 17:19 - 2015-02-03 17:19 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareNetz
2015-02-03 17:19 - 2015-02-03 17:19 - 00000000 ____D () C:\Softwarenetz
2015-02-03 17:19 - 2015-01-23 12:38 - 00181976 _____ (SoftwareNetz) C:\Windows\snui.exe
2015-02-03 17:19 - 2005-05-01 08:00 - 00200704 _____ (DATEV eG Nürnberg) C:\Windows\system32\SELF32.DLL
2015-02-03 17:19 - 2005-05-01 08:00 - 00020864 _____ () C:\Windows\system32\SELF32.TLB
2015-02-03 17:19 - 2005-05-01 08:00 - 00015602 _____ () C:\Windows\system32\SELF32.INI
2015-02-03 10:36 - 2015-02-03 10:36 - 00001343 _____ () C:\Windows\system32\eric.log
2015-02-03 02:33 - 2015-02-03 02:40 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-02-03 01:28 - 2015-02-04 15:09 - 00013861 _____ () C:\Users\berni\Documents\easyct.ini
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\berni\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\berni\AppData\Roaming\OLHS
2015-01-22 17:54 - 2015-01-22 17:58 - 00000000 ____D () C:\Users\berni\AppData\Local\elfopatch
2015-01-22 10:43 - 2015-01-22 10:43 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-17 18:21 - 2015-01-17 18:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 16:22 - 2012-06-23 07:54 - 00018400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 16:22 - 2012-06-23 07:54 - 00018400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 16:18 - 2012-04-12 12:12 - 02071150 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 16:14 - 2012-09-11 11:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 16:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 16:14 - 2009-07-14 05:39 - 00017149 _____ () C:\Windows\setupact.log
2015-02-16 15:34 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-16 15:34 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-16 15:30 - 2013-09-21 09:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:28 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-16 15:27 - 2012-04-15 10:03 - 00388530 _____ () C:\Windows\PFRO.log
2015-02-16 15:27 - 2009-07-14 03:03 - 84410368 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-16 15:27 - 2009-07-14 03:03 - 21495808 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-16 15:27 - 2009-07-14 03:03 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-16 15:27 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-16 15:27 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-16 11:04 - 2012-04-12 12:23 - 00000000 ____D () C:\Users\berni
2015-02-15 20:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-15 20:17 - 2014-09-12 09:43 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Host System
2015-02-15 15:57 - 2012-04-12 12:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 15:46 - 2012-09-11 11:48 - 00000000 ____D () C:\Program Files\Google
2015-02-15 15:46 - 2012-06-28 09:23 - 00000000 ____D () C:\Users\berni\AppData\Local\Google
2015-02-15 15:27 - 2014-02-19 19:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-15 15:03 - 2009-07-14 09:57 - 00000000 ____D () C:\Windows\CSC
2015-02-15 15:01 - 2012-04-12 12:23 - 00000000 ____D () C:\Recovery
2015-02-15 15:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-13 00:45 - 2012-05-29 10:31 - 00000000 ____D () C:\Users\berni\AppData\Local\Alibre Design
2015-02-13 00:01 - 2012-05-29 10:31 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Alibre Design
2015-02-12 23:58 - 2012-10-26 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRAGON
2015-02-12 23:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\system32\Drivers\iaxext_836.set
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\system32\Drivers\dcompbg374.dat
2015-02-12 22:58 - 2012-06-08 23:20 - 00000500 _____ () C:\Windows\d_iclink327.ini
2015-02-12 22:44 - 2012-11-07 14:20 - 00000000 ____D () C:\Users\berni\AppData\Roaming\ZW3D 2012 Eng
2015-02-12 22:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 10:19 - 2009-07-14 05:33 - 02849808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:53 - 2014-12-11 11:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 00:53 - 2014-05-01 00:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 00:53 - 2013-08-15 23:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-12 00:47 - 2012-04-15 15:53 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 00:46 - 2012-04-14 23:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 00:46 - 2009-07-14 03:04 - 00000604 _____ () C:\Windows\win.ini
2015-02-12 00:43 - 2012-05-01 00:32 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 00:43 - 2012-04-12 15:36 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-12 00:43 - 2012-04-12 15:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 19:01 - 2012-12-09 15:02 - 00000000 ____D () C:\Users\berni\AppData\Roaming\Autodesk
2015-02-10 22:52 - 2012-09-16 18:09 - 00001084 _____ () C:\Users\berni\Desktop\iexplore.lnk
2015-02-10 22:52 - 2012-06-22 10:07 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 22:52 - 2012-06-22 10:07 - 00001063 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-10 22:52 - 2012-04-20 14:38 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-10 22:52 - 2012-04-20 14:38 - 00000977 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-10 22:52 - 2012-04-12 12:23 - 00001204 _____ () C:\Users\berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-10 22:20 - 2012-05-02 09:27 - 00000000 ____D () C:\Program Files\phase5
2015-02-10 19:13 - 2012-04-14 18:40 - 00000000 ____D () C:\Program Files\Adobe
2015-02-10 18:49 - 2014-05-11 16:54 - 00000000 ____D () C:\Users\berni\Documents\Visual Studio 2010
2015-02-10 18:47 - 2012-04-12 13:26 - 00000000 ____D () C:\Users\berni\AppData\Local\Downloaded Installations
2015-02-10 10:37 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-09 16:03 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-08 01:17 - 2012-04-12 12:20 - 01608924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 09:29 - 2012-04-12 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:29 - 2012-04-12 14:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 19:02 - 2012-06-11 00:24 - 00000390 _____ () C:\Windows\wiso.ini
2015-02-04 18:45 - 2013-05-07 20:54 - 00189432 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-04 18:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-04 15:12 - 2012-06-07 23:09 - 00000082 _____ () C:\Windows\odbc_merge.INI
2015-02-04 09:21 - 2012-09-11 11:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 12:01 - 2012-04-17 10:00 - 00001901 _____ () C:\Windows\panose.bin
2015-02-02 08:19 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 19:11 - 2012-04-13 17:37 - 00000000 ____D () C:\Users\berni\AppData\Roaming\FileZilla
2015-01-31 18:49 - 2012-11-20 17:07 - 00002002 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2015-01-31 18:49 - 2012-11-20 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-31 18:49 - 2012-04-13 17:38 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-23 00:44 - 2012-04-29 11:17 - 00000000 ____D () C:\Users\berni\AppData\Roaming\MyPhoneExplorer
2015-01-22 17:58 - 2012-04-23 10:04 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-01-22 17:55 - 2013-12-21 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 10:43 - 2015-01-16 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 10:43 - 2012-04-29 11:38 - 01237986 _____ () C:\Windows\DPINST.LOG
2015-01-18 10:47 - 2012-06-22 10:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-02-03 17:50 - 2015-01-24 18:13 - 7451478 _____ () C:\Program Files\jes.exe
2014-04-16 23:23 - 2014-04-15 12:58 - 0023040 _____ () C:\Program Files\processing-java.exe
2014-04-16 23:23 - 2014-04-15 12:58 - 0667136 _____ () C:\Program Files\processing.exe
2014-04-16 23:23 - 2014-04-15 12:57 - 0182855 _____ () C:\Program Files\revisions.txt
2014-09-12 00:08 - 2014-09-12 22:53 - 0001161 _____ () C:\Users\berni\AppData\Roaming\ACInitialize.log
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\berni\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\berni\AppData\Roaming\OLHS
2014-01-07 17:22 - 2014-01-07 17:22 - 0000016 ____H () C:\Users\berni\AppData\Local\citpt.dat
2012-08-10 23:02 - 2012-08-10 23:02 - 0000004 _____ () C:\Users\berni\AppData\Local\pcdit.dat
2013-02-18 23:53 - 2013-02-19 00:24 - 0000012 _____ () C:\ProgramData\.glInit02.dat
2014-12-15 19:24 - 2014-12-15 19:24 - 0005054 _____ () C:\ProgramData\eqkupahe.bft
2012-05-10 20:54 - 2012-11-22 18:07 - 0001175 _____ () C:\ProgramData\hpzinstall.log
2012-05-25 22:46 - 2012-05-25 22:46 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
2013-12-12 12:22 - 2013-12-12 12:22 - 0005084 _____ () C:\ProgramData\yotmwslu.srw

Files to move or delete:
====================
C:\ProgramData\.glInit02.dat


Some content of TEMP:
====================
C:\Users\berni\AppData\Local\temp\Quarantine.exe
C:\Users\berni\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 20:37

==================== End Of Log ============================

--- --- ---

--- --- ---

... und last but noch least Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by berni at 2015-02-16 16:26:11
Running from C:\Users\berni\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R1.6 (HKLM\...\123D Design) (Version: 1.6.41 - Autodesk, Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
8000A809 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (HKLM\...\Adobe_1e3ba55b33b1e8227645fb9c82acca3) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alibre Design (HKLM\...\{127D8270-7240-4427-BCD5-F7409CB63F40}) (Version: 14.0.4.14056 - Alibre, Inc.)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antenna (HKLM\...\Antenna) (Version: 4.81.0.593 - by Stormdance)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.1 - Extensoft)
Aspire 3.0 (HKLM\...\Aspire) (Version: 3.0 - Vectric)
Autodesk 123D 32 Bit (HKLM\...\{ED02E3F5-2E0E-4FD8-9FE9-185194B66A5C}) (Version: 1.0.5 - Autodesk)
Autodesk 123D Catch (HKLM\...\{413A0A2B-D154-4457-833F-3299DB3183FF}) (Version: 1.0.654 - Autodesk)
Autodesk 123D Make 1.6.0 (HKLM\...\{88FF8A21-F198-43DF-A5D9-80009EB620A8}) (Version: 1.60.0000 - Autodesk)
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.14 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.14 - Autodesk)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Bryce 7.1 (HKLM\...\Bryce 7.1 7.1.0.74) (Version: 7.1.0.74 - DAZ 3D)
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
CamBam plus 0.9.8 (HKLM\...\{1512CC8C-3392-4496-B883-DD37FB246586}) (Version: 0.9.9006 - HexRay Ltd)
Carrara  8.5 (HKLM\...\Carrara  8.5 8.5.0.243) (Version: 8.5.0.243 - DAZ 3D)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Premium Fonts (Version: 1.00.0000 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CR2 Converter (HKLM\...\{775F32A5-7BA0-4717-89D0-32B3EC25B2C9}_is1) (Version:  - cr2converter.com)
Cut3D 1.025 (HKLM\...\Cut3D) (Version: 1.025 - Vectric Limited)
DAZ Content Management Service (HKLM\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM\...\DAZ Install Manager 1.0.1.108) (Version: 1.0.1.108 - DAZ 3D)
DAZ Studio 4.5 (HKLM\...\DAZ Studio 4.5 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623k) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Estlcam (HKLM\...\Estlcam) (Version:  - )
FileZilla Client 3.10.1 (HKLM\...\FileZilla Client) (Version: 3.10.1 - Tim Kosse)
Firebird 2.1.3 (HKLM\...\Lokaler Firebird-Server_is1) (Version:  - )
Firefly (HKLM\...\{E4B24A8D-49F7-4247-98A6-CE48C6EB8B40}) (Version: 1.0.68 - Andrew Payne)
Flip 3.4.7 (HKLM\...\flip.exe) (Version: 3.4.7 - Atmel)
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{100A46D7-2CA2-4E8A-9D2F-A5D9E66AB228}) (Version: 7.5.1190 - Microsoft Corporation)
IPCWebComponents 3.0.0.1 (HKLM\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lewetz Real-time Driver (HKLM\...\Lewetz Real-time Driver) (Version:  - )
Lotus Organizer 6.0 (HKLM\...\Organizer V99.1) (Version:  - )
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
MeshLab 1.3.3 (HKLM\...\MeshLab) (Version: 1.3.3 - Paolo Cignoni, Guido Ranzuglia VCG - ISTI - CNR)
Meshmixer (HKLM\...\Meshmixer_x86) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myPrintMileage (Officejet Pro 8000 A809) (HKLM\...\{366584A4-1D35-49B2-97B3-C803DDFCC543}) (Version: 1.00.0000 - Hewlett-Packard)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
netfabb Basic (HKLM\...\netfabb_51) (Version:  - netfabb GmbH)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Opera 12.12 (HKLM\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.0.260.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PRGrep (HKLM\...\PRGrep) (Version:  - )
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Punch! Shark FX v7 (HKLM\...\Punch! Shark FX v7) (Version:  - Punch Software, LLC)
Punch! Shark FX v7 SP1 (HKLM\...\Punch! Shark FX v7 SP1) (Version:  - Punch Software, LLC)
Python 2.7.6 (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4.0 (HKLM\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Repetier-Host Version 1.0.6 (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 1.0.6 - repetier)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Rhinoceros 5 (HKLM\...\{697E9620-BEFE-4F0A-866F-743E78ED9840}) (Version: 5.10.41201.11145 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM\...\{C16F10E2-C495-4A90-9397-D16FB3AA2D38}) (Version: 5.6.31022.17415 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (de-DE) (HKLM\...\{166FB860-0D9A-4B63-934D-EBEFDB4F99FD}) (Version: 5.6.31022.17415 - Robert McNeel & Associates)
Security Task Manager 2.0d (HKLM\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Serif WebPlus X7 (HKLM\...\{8DAD16D4-733D-4F62-8A36-0B0FB2F72084}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Softwarenetz Kassenbuch6 (HKLM\...\Kassenbuch6) (Version:  - Softwarenetz)
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sony PC Companion 2.10.245 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Vectric Shell Extensions 1.2 (HKLM\...\VectricThumbnailShellExt) (Version:  - Vectric)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
WebPlus Content: Home Improvement & Services Collection 2 (HKLM\...\{E4168A35-5F5F-4FB3-A91C-0327FDA1C622}) (Version: 1.2.0.027 - Serif (Europe) Ltd)
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinAVR 20100110 (remove only) (HKLM\...\WinAVR-20100110) (Version: 20100110 - )
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino Boards (01/01/2013 1.0.0.0) (HKLM\...\27F112693ABDF0F56F902294F4BF6B9EE3B8C6D0) (Version: 01/01/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
ZW3D 2012  (Version: 3.2.12.1018 - ZWCAD Software Co.,Ltd) Hidden
ZW3D 2012 Eng (HKLM\...\{F5E849B9-17EB-4c12-9B48-D18227426E43}) (Version: 3.2.12.1018 - ZWCAD Software Co.,Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{02629f4c-5f38-5c7d-8484-6a0ddcc77346}\InprocServer32 -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D CNC Utility321.0.33\npAutodesk123DCNC32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{21D93913-CB0F-11D0-84AC-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\berni\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{59245250-7A2F-11D0-9482-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msbind.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\System32\WISOFGRD.OCX (Microsoft)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{642AC766-AAB4-11D0-8494-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{78E93847-85FD-11D0-8487-00A0C90DC8A9}\InprocServer32 -> C:\Windows\system32\msdbrptr.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{a81fca08-3174-5e87-a5b2-b1ce197b9def}\InprocServer32 -> C:\Users\berni\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.97\npAutodesk123DShapes32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{BBE548D2-26F3-5890-AB5A-7D2B05E689AB}\InprocServer32 -> C:\Users\berni\AppData\Roaming\Autodesk\Autodesk123D32\1.0.5\npAutodesk123D32.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\System32\WISOCDLG.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2660644256-920559868-219131753-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\berni\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

15-02-2015 15:39:53 Revo Uninstaller Pro's restore point - Auslogics Registry Cleaner
15-02-2015 15:44:31 Revo Uninstaller Pro's restore point - Recuva
15-02-2015 15:45:25 Revo Uninstaller Pro's restore point - Google Chrome
15-02-2015 15:46:54 Revo Uninstaller Pro's restore point - Wondershare Data Recovery(Build 4.7.0.5)
15-02-2015 15:47:54 Revo Uninstaller Pro's restore point - iSpy
15-02-2015 15:48:10 Removed iSpy
15-02-2015 15:50:00 Revo Uninstaller Pro's restore point - Raptr
15-02-2015 15:53:30 Revo Uninstaller Pro's restore point - Fine Woodworking Archive 2011
15-02-2015 15:56:14 Removed Fine Woodworking Archive 2011
15-02-2015 19:00:15 Windows-Sicherung
15-02-2015 23:10:06 Revo Uninstaller Pro's restore point - Moment of Inspiration 3.0 trial
15-02-2015 23:11:54 Revo Uninstaller Pro's restore point - Kitsi (1. Quartal 2015)       
15-02-2015 23:17:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-02-16 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05E1719B-5D25-49F4-BA41-43395A193EDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {12553AFF-8F72-4D66-95D2-49FCFA97489F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {12EAB35A-9DF9-49FE-B2D0-B8F58EC63A19} - System32\Tasks\{49969818-84B0-4C7E-A79C-77E81596DD42} => Firefox.exe 
Task: {172122A8-2744-4297-806B-F4B6C27EF667} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1E37A730-B6EE-4E62-A674-3CE779777FD6} - System32\Tasks\{245388A0-3C67-4A5F-91A0-BC41A2F4E602} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {37694151-03C6-4F6E-BE48-841A3CDAED55} - System32\Tasks\{9C739D16-D16C-48E6-A463-C15702619639} => pcalua.exe -a F:\Install\setup.exe -d F:\Install
Task: {3E17172E-BE4E-4673-806D-683A641FB3E2} - System32\Tasks\{006A7BC6-2600-4DDA-A83C-1F4E9B9EC3D1} => pcalua.exe -a C:\WORKNC98\exe\msw\setup.exe -d C:\WORKNC98\exe\msw
Task: {42C825CB-CADB-49D0-B1DB-3497DEA0D470} - System32\Tasks\{099029B4-04E6-4A1D-A902-C555BBCA99B7} => pcalua.exe -a F:\start.exe -d F:\
Task: {5445DAA5-21BE-436F-8CB3-5DD1C6EAA1AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {5FF075F4-EEBE-4EA0-9293-375C2FA4E626} - System32\Tasks\{6743562F-CF73-4546-9C4C-61CFB2677AB0} => pcalua.exe -a D:\daten-privat\bilder-projekte-texte\3d-print\eigener-drucker-bauplaene\RRD_RUMBA_TAURINO_DriverSetup.exe -d D:\daten-privat\bilder-projekte-texte\3d-print\eigener-drucker-bauplaene
Task: {67A92368-986C-4E9A-BACA-B43C993CAF2E} - System32\Tasks\{55BAB9F0-3CD7-40E1-952B-1607723A9AB0} => pcalua.exe -a D:\daten-privat\bilder-projekte\VBA64-KB822150-X86-DEU.exe -d D:\daten-privat\bilder-projekte
Task: {740E1B44-534C-4AAC-A29B-5CB9B428FB21} - System32\Tasks\{C4495108-F060-46ED-9999-4273B867EB8E} => pcalua.exe -a C:\Users\berni\Downloads\VisualCAD-V64-MILL-V91-2012-32Bit-23102012-DEU-DEA-DES.exe -d C:\Users\berni\Downloads
Task: {75241E65-F5E4-4D64-938D-10C8FC54C522} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {76272DF1-8125-436F-A1D0-BF2FDFD2395A} - System32\Tasks\{31E79945-072D-4002-A5DD-FE79EE3E21BB} => pcalua.exe -a "C:\Users\berni\Documents\downloads\complete\Daz3d-Poser-Michael-5-Pro-Bundle.rar\Daz3d Poser Michael 5 Pro Bundle.exe" -d C:\Users\berni\Documents\downloads\complete\Daz3d-Poser-Michael-5-Pro-Bundle.rar
Task: {767187DF-5F7B-4604-8DA2-9B21507D7B1D} - System32\Tasks\{C2D14B9F-3C3C-43CE-83D9-B543954604CC} => Firefox.exe 
Task: {919867C3-F88C-40D1-8344-349253A3A947} - System32\Tasks\{05DBE462-58AF-4B9C-ABA6-629D61E6A34A} => pcalua.exe -a F:\Driver\Setup_Afterburner.exe -d F:\Driver
Task: {C0D8C52A-7B72-4B2F-A7C7-AFB967DBADF2} - System32\Tasks\{7E15388F-5D63-4EB1-B31B-7AB7C87BE947} => pcalua.exe -a "C:\Program Files\WISE Software Solutions\VisualCAM 16.1\Program\VisualCAM.exe" -d "C:\Program Files\WISE Software Solutions\VisualCAM 16.1\Program\"
Task: {EE65E70E-9F51-409A-B0D3-8E105C297482} - System32\Tasks\{4BE8A077-F0F9-488A-9DF0-6B646DDB1668} => pcalua.exe -a C:\Windows\system32\GKSUI20.EXE -c C:\WinPC-NC Economy Demo\UninstallF72F.DAT

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-29 15:51 - 2009-02-27 15:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-11-29 15:51 - 2009-02-27 15:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2015-01-16 19:17 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2015-01-16 19:17 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2015-01-16 19:17 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2015-01-16 19:17 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-11-21 12:31 - 2014-11-21 12:31 - 00663040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2015-01-16 19:17 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-11-20 21:22 - 2014-11-20 21:22 - 00095744 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00018432 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-01-01 13:05 - 2011-05-05 21:36 - 01221120 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00791040 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x86.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00838656 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl.dll
2014-01-01 13:05 - 2011-05-05 21:36 - 00129536 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp.dll
2015-01-31 14:53 - 2015-01-31 14:53 - 00039200 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-04-15 14:21 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-17 18:21 - 2015-01-17 18:21 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 09:29 - 2015-02-05 09:29 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2660644256-920559868-219131753-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\berni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^berni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OPTISetup.lnk => C:\Windows\pss\OPTISetup.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-2660644256-920559868-219131753-500 - Administrator - Disabled)
berni (S-1-5-21-2660644256-920559868-219131753-1000 - Administrator - Enabled) => C:\Users\berni
Gast (S-1-5-21-2660644256-920559868-219131753-501 - Limited - Enabled)
openpgsvc (S-1-5-21-2660644256-920559868-219131753-1005 - Limited - Enabled) => C:\Users\openpgsvc

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 925 Processor
Percentage of memory in use: 32%
Total physical RAM: 3327.11 MB
Available physical RAM: 2245.61 MB
Total Pagefile: 6652.52 MB
Available Pagefile: 5517.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.86 MB

==================== Drives ================================

Drive c: (papas-system) (Fixed) (Total:931.51 GB) (Free:856.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (papas-daten) (Fixed) (Total:931.51 GB) (Free:713.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EE5BEE5B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EE5BEE5C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 16.02.2015, 17:36

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2660644256-920559868-219131753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423589408&from=ild&uid=WDCXWD10EADS-00M2B0_WD-WCAV5C38346383463
S2 8df1bcd0; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.38\OptProMon.dll",ENT
c:\Program Files\Optimizer Pro 3.38
C:\ProgramData\.glInit02.dat
C:\ProgramData\.glInit02.dat
C:\ProgramData\eqkupahe.bft
C:\ProgramData\yotmwslu.srw
C:\Users\berni\AppData\Roaming\CIUZJIT
C:\Users\berni\AppData\Roaming\OLHS
C:\Users\berni\AppData\Local\citpt.dat
C:\Users\berni\AppData\Local\pcdit.dat
C:\Program Files\jes.exe
C:\Program Files\processing-java.exe
C:\Program Files\processing.exe
C:\Program Files\revisions.txt
C:\Users\berni\AppData\Roaming\CIUZJIT
C:\Users\berni\AppData\Roaming\OLHS
C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

bernizde · 16.02.2015, 17:53

Fixlauf ging glatt durch...

Hier das Ergebnis:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by berni at 2015-02-16 17:44:52 Run:1
Running from C:\Users\berni\Desktop
Loaded Profiles: berni (Available profiles: berni & openpgsvc)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2660644256-920559868-219131753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423589408&from=ild&uid=WDCXWD10EADS-00M2B0_WD-WCAV5C38346383463
S2 8df1bcd0; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.38\OptProMon.dll",ENT
c:\Program Files\Optimizer Pro 3.38
C:\ProgramData\.glInit02.dat
C:\ProgramData\.glInit02.dat
C:\ProgramData\eqkupahe.bft
C:\ProgramData\yotmwslu.srw
C:\Users\berni\AppData\Roaming\CIUZJIT
C:\Users\berni\AppData\Roaming\OLHS
C:\Users\berni\AppData\Local\citpt.dat
C:\Users\berni\AppData\Local\pcdit.dat
C:\Program Files\jes.exe
C:\Program Files\processing-java.exe
C:\Program Files\processing.exe
C:\Program Files\revisions.txt
C:\Users\berni\AppData\Roaming\CIUZJIT
C:\Users\berni\AppData\Roaming\OLHS
C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}
EmptyTemp:
Hosts:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2660644256-920559868-219131753-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => Value was restored successfully.
8df1bcd0 => Service deleted successfully.
"c:\Program Files\Optimizer Pro 3.38" => File/Directory not found.
C:\ProgramData\.glInit02.dat => Moved successfully.
"C:\ProgramData\.glInit02.dat" => File/Directory not found.
C:\ProgramData\eqkupahe.bft => Moved successfully.
C:\ProgramData\yotmwslu.srw => Moved successfully.
C:\Users\berni\AppData\Roaming\CIUZJIT => Moved successfully.
C:\Users\berni\AppData\Roaming\OLHS => Moved successfully.
C:\Users\berni\AppData\Local\citpt.dat => Moved successfully.
C:\Users\berni\AppData\Local\pcdit.dat => Moved successfully.
C:\Program Files\jes.exe => Moved successfully.
C:\Program Files\processing-java.exe => Moved successfully.
C:\Program Files\processing.exe => Moved successfully.
C:\Program Files\revisions.txt => Moved successfully.
"C:\Users\berni\AppData\Roaming\CIUZJIT" => File/Directory not found.
"C:\Users\berni\AppData\Roaming\OLHS" => File/Directory not found.
C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed} => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 145.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:44:57 ====

cosinus · 17.02.2015, 10:53

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

bernizde · 17.02.2015, 22:06

Hallo Cosinus -
ich wollte mich einfach mal für dein bisheriges Engagament bedanken!

Zum aktuellen Stand:
ESET ist ca. 3Std. am Laufen und hat 30% geschafft.
Kann mit den Logfiles also noch ein Weilchen dauern...

So - geschafft :-)

hier die Ergebnisse von MBBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.02.2015
Suchlauf-Zeit: 13:07:15
Logdatei: mbbam-01.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.17.07
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: berni

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345001
Verstrichene Zeit: 12 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
Trojan.FakeAV.AI, C:\Users\berni\Desktop\AdwCleaner_4.110.exe, In Quarantäne, [3bd7021892f8112596e99d868b7707f9], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Nun das File vom richtig lange gelaufenen ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=097c1df55a565e428c966d807d28aa27
# engine=22482
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-15 07:17:57
# local_time=2015-02-15 08:17:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 329677 118209081 0 0
# scanned=609587
# found=6
# cleaned=4
# scan_time=11544
sh=5902814743CE0C6EC619967150893D7550E30DFE ft=1 fh=3d2b4843632f5413 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}\OPTISetup.exe"
sh=A00730AF3C06D6972D3F5DF328D721937DD1D566 ft=1 fh=082638f20d6ad23f vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\berni\Downloads\moi_v3_trial_setup.exe"
sh=16A9F50D9E0ED205CFF4474BD99E2900FEB16F19 ft=1 fh=50427314871b5fda vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\berni\AppData\Roaming\Security Systems\uninstall.exe.vir"
sh=6B05B504C7D82297D1E969AF383B0EE8E501A068 ft=1 fh=ce34f8838b055d38 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\MoI 3.0 trial\moi_lib.dll"
sh=5902814743CE0C6EC619967150893D7550E30DFE ft=1 fh=3d2b4843632f5413 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\{8ad8b9bb-6923-8ea1-8ad8-8b9bb692e6ed}\OPTISetup.exe"
sh=52C62112EBE6C00644D6A5C3A1DA1D4124BB31A7 ft=1 fh=6d95cedaba666fcd vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\berni\AppData\Roaming\Host System\host.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=097c1df55a565e428c966d807d28aa27
# engine=22512
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-17 12:38:41
# local_time=2015-02-17 01:38:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 478521 118357925 0 0
# scanned=761
# found=0
# cleaned=0
# scan_time=49
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=097c1df55a565e428c966d807d28aa27
# engine=22512
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-17 08:38:02
# local_time=2015-02-17 09:38:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 510882 118386686 0 0
# scanned=604196
# found=8
# cleaned=0
# scan_time=28484
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\berni\AppData\Roaming\CIUZJIT.xBAD"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\berni\AppData\Roaming\OLHS.xBAD"
sh=BAEA20991374D8298364A6C28036097DEC4E737B ft=1 fh=6acedf7fdd6bc5ca vn="Win32/Toolbar.SearchSuite.Y evtl. unerwünschte Anwendung" ac=I fn="D:\daten-privat\programme\iMeshV12.exe"
sh=DA5455CE1CCC08125E61E7FAA05C34CE30F2F06B ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="D:\PAPAS\Backup Set 2015-01-25 190002\Backup Files 2015-02-08 190001\Backup files 6.zip"
sh=C984D6B7B782379D4E94D33B8608A29A19055169 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="D:\PAPAS\Backup Set 2015-02-13 005817\Backup Files 2015-02-13 005817\Backup files 15.zip"
sh=F260CB9BCFEB1145ACF066EA9AE3A3F4F5A584A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="D:\PAPAS\Backup Set 2015-02-13 005817\Backup Files 2015-02-13 005817\Backup files 3.zip"
sh=128A3454E69DC5145C51FD136115F311CF5FED1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="D:\PAPAS\Backup Set 2015-02-15 190002\Backup Files 2015-02-15 190002\Backup files 10.zip"
sh=92A3586C0419D5B984BEC4DDB9D38E8F8521376F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="D:\PAPAS\Backup Set 2015-02-15 190002\Backup Files 2015-02-15 190002\Backup files 3.zip"

Scheint aus meiner laienhaften Sicht, als wären die Macken mit in die Windows-Sicherungen übernommen worden... was ja im Grunde auch kein Wunder ist.

cosinus · 18.02.2015, 09:52

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

D:\daten-privat\programme\iMeshV12.exe
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

bernizde · 18.02.2015, 10:14

Moin, Cosinus -

das ging diesmal fix ;-) mit dem Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by berni at 2015-02-18 10:01:19 Run:2
Running from C:\Users\berni\Desktop
Loaded Profiles: berni (Available profiles: berni & openpgsvc)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
D:\daten-privat\programme\iMeshV12.exe
EmptyTemp:
Hosts:
*****************

D:\daten-privat\programme\iMeshV12.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 85.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:01:51 ====

16.02.2015, 13:09	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Eset findet Adware.Synatix.A, OptimizerEliteMax.C, Packed.Themida. Im Taskmanager ist 8df1bcd0 Ist das ein gewerblich gentuztes System? Wenn ja, bitte lesen => http://www.trojaner-board.de/108422-...-anfragen.html __________________ Logfiles bitte immer in CODE-Tags posten

Eset findet Adware.Synatix.A, OptimizerEliteMax.C, Packed.Themida. Im Taskmanager ist 8df1bcd0

Plagegeister aller Art und deren Bekämpfung: Eset findet Adware.Synatix.A, OptimizerEliteMax.C, Packed.Themida. Im Taskmanager ist 8df1bcd0