Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Versteckte Treiber - Speicherveränderung - OTL Report (https://www.trojaner-board.de/153723-versteckte-treiber-speicherveraenderung-otl-report.html)

tett 11.05.2014 23:45
Versteckte Treiber - Speicherveränderung - OTL Report
 
Hallo.

ich habe von antivir free immer diverse versteckte Objekte und einen versteckten Treiber nach einem Scan angezeigt bekommen. Meine Recherche ergab, dass in vielen Beiträgen gesagt wurde, das läge an Programmen wie CloneDrive etc. oder sogar an Windows selbst. Ich habe alle genannten möglichen "Bösewichter" deinstalliert, aber die versteckten Objekte/Treiber wurden immer noch angezeigt. Malwarebytes und Spybot haben nichts gefunden. Es ließ mir jedoch keine Ruhe, die Ursache herauszufinden. Also Antivir gelöscht und bitdefender scannen lassen, Ergebnis - keine Funde. Wem soll ich denn nun trauen? Also habe ich nach Lesen dieser Anleitung von Euch --> (http://www.trojaner-board.de/127353-...itycenter.html) <-- den defogger, aswMBR.exe und den TDSS-Killer prüfen lassen, Ergebnis - keine Befunde. Ist also Antivir zu "blöd" oder zu gut??? Daher habe ich dann einen OTL-Scan gemacht und würde mich freuen, wenn ich diesen hier bewerten lassen könnte, DANKE! :dankeschoen:
Tett
============================================================OTL Logfile:
Code:
OTL logfile created on: 12.05.2014 00:05:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = E:\Daten\Programme\Defogger
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 3,43 Gb Available Physical Memory | 43,44% Memory free
15,79 Gb Paging File | 12,00 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 35,04 Gb Free Space | 29,39% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,12 Gb Free Space | 36,47% Space Free | Partition Type: NTFS
Drive E: | 679,00 Gb Total Space | 415,96 Gb Free Space | 61,26% Space Free | Partition Type: NTFS
 
Computer Name: XPS17-SSD | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.11 23:58:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Daten\Programme\Defogger\OTL.exe
PRC - [2014.05.11 23:20:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.03.19 00:04:16 | 000,614,232 | ---- | M] (Bitdefender) -- C:\Programme\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.06.19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.12.21 14:48:10 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.11.04 05:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.11.03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.10.18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.09.16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.09.16 08:32:54 | 001,869,192 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\nlnotes.exe
PRC - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
PRC - [2011.09.16 08:28:56 | 000,016,776 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.EXE
PRC - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
PRC - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.11 23:20:43 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.03.15 00:05:14 | 000,204,280 | ---- | M] () -- C:\Programme\Bitdefender\Bitdefender\antispam32\txmlutil.dll
MOD - [2014.02.18 14:14:22 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a99f3a56bbedaa90734d2132d00016ec\IAStorUtil.ni.dll
MOD - [2014.02.18 14:14:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\921a4977671bce1f2f553e9adcdb06ee\IAStorCommon.ni.dll
MOD - [2014.02.18 12:10:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014.02.18 12:10:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.18 12:10:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.18 12:10:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.18 12:10:00 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.18 12:09:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.18 12:09:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.18 12:09:52 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011.11.03 13:23:54 | 000,266,560 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.10.10 17:32:32 | 000,122,925 | ---- | M] () -- C:\Program Files (x86)\IBM\Lotus\Notes\mui\de\nimuires.dll.mui
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.03.24 19:39:27 | 001,523,728 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
SRV:64bit: - [2014.03.06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.10.07 11:33:30 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2010.04.14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010.04.14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2014.05.11 23:21:31 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.11 23:20:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.21 18:41:50 | 000,077,632 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013.06.13 21:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.12.21 14:48:10 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.11.04 05:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 13:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.11.01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.10.19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.09.16 08:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe -- (LNSUSvc)
SRV - [2011.09.16 08:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.08.19 17:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2010.04.14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010.04.14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.12.18 18:16:44 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.12.02 11:58:48 | 000,635,392 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013.12.02 11:56:50 | 000,893,440 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013.11.04 15:47:36 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013.08.23 12:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013.08.07 12:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013.07.24 17:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013.06.13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013.05.23 08:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013.05.23 08:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013.05.23 08:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.03.04 14:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.11.02 13:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.09.20 15:18:34 | 000,632,616 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2012.09.20 15:18:34 | 000,025,000 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2012.07.12 23:28:21 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.04 05:19:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2011.11.04 05:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.08.25 21:09:20 | 000,390,704 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.08.23 21:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.19 14:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.19 01:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011.05.17 09:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.05.17 09:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.13 09:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.07.02 03:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.07.02 13:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys -- (bdfwfpf_pc)
DRV - [2013.02.22 18:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.1
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.54
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.23
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralf\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\BDTBEXT [2014.03.27 19:25:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.10.19 12:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014.01.09 13:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ [2014.03.27 19:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.05.11 23:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014.03.27 19:25:33 | 000,000,000 | ---D | M]
 
[2012.05.07 23:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions
[2014.05.10 15:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\extensions
[2014.05.04 07:59:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2014.05.02 07:56:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\extensions\https-everywhere@eff.org
[2014.05.10 15:18:56 | 000,011,641 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\e1ioerkw.default-1390571404132\extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi
[2014.04.24 22:54:15 | 000,061,649 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\e1ioerkw.default-1390571404132\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2014.05.10 09:16:51 | 000,538,139 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\e1ioerkw.default-1390571404132\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014.05.01 11:39:22 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\e1ioerkw.default-1390571404132\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.05.11 23:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.11 23:20:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: phonostar Detector (Enabled) = C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - Extension: Google Drive = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Adblock Plus = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google-Suche = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech Smooth Scrolling = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.60.170_0\
CHR - Extension: Gmail offline = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Google Wallet = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech SetPointp] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Bitdefender-Geldbörse] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender-Geldbörse-Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 11.5.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 11.5.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB357461-BF1A-4CD8-84C3-AADC48F2BD2B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 23:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{946b192f-96c5-11e1-b05f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{946b192f-96c5-11e1-b05f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.11 23:56:47 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\smkits
[2014.05.11 23:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.05.11 19:36:58 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2014.05.11 19:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
[2014.05.11 19:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014.05.11 19:27:40 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2014.05.11 19:27:40 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
[2014.05.11 19:27:40 | 000,082,824 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2014.05.11 19:27:40 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014.05.11 19:27:39 | 000,893,440 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014.05.11 19:27:39 | 000,635,392 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014.05.11 19:27:39 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014.05.11 19:25:14 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Bitdefender
[2014.05.11 19:24:32 | 000,150,256 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2014.05.11 19:24:32 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014.05.11 19:24:32 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014.05.11 19:24:32 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014.05.11 19:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2014.05.11 19:24:31 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2014.05.11 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2014.05.11 19:23:52 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\QuickScan
[2014.05.11 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014.05.10 17:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2014.05.10 17:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2014.05.10 13:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.05.10 13:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.05.04 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\!Udis-HH
[2014.05.02 11:33:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\HH
[2014.05.01 18:52:16 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\Udis Recherche
[2014.04.22 10:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Ralf\AppData\Local\EmieUserList
[2014.04.22 10:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Ralf\AppData\Local\EmieSiteList
[2014.04.22 03:01:40 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Wireshark
[2014.04.22 02:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2014.04.21 14:16:20 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\KeePass
[2014.04.21 12:27:43 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\KeePass
[2014.04.21 12:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2014.04.17 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\UDIS
[2014.04.16 08:55:38 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.16 08:55:37 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.16 08:55:36 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.16 08:55:34 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.16 08:55:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.16 08:55:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.16 08:55:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.16 08:55:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.16 08:55:33 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.16 08:55:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.16 08:55:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.16 08:55:32 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.16 08:55:32 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.16 08:55:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.16 08:55:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.16 08:55:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.16 08:55:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.16 08:55:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.16 08:55:32 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.16 08:55:30 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.16 08:55:30 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.16 08:55:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.16 08:55:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.16 08:55:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.16 08:55:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.16 08:55:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.16 08:55:29 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.16 08:55:28 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.16 08:55:27 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.04.14 22:32:57 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\konzept
[2014.04.14 08:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2014.04.14 08:19:06 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Citrix
[2014.04.12 21:44:40 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Garmin
[2014.04.12 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\GARMIN_Corp
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.11 23:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.11 23:31:00 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000.job
[2014.05.11 23:21:31 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.11 23:21:31 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.05.11 23:16:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.11 22:12:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.11 22:11:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 22:11:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 22:08:44 | 001,557,784 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.11 22:08:44 | 000,677,036 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.11 22:08:44 | 000,634,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.11 22:08:44 | 000,140,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.11 22:08:44 | 000,113,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.11 22:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.11 22:04:20 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.11 21:51:23 | 000,000,020 | ---- | M] () -- C:\Users\Ralf\defogger_reenable
[2014.05.11 20:07:45 | 000,000,686 | -H-- | M] () -- C:\bdr-cf01
[2014.05.11 19:36:58 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2014.05.11 19:36:57 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014.05.11 19:28:52 | 000,510,070 | ---- | M] () -- C:\ProgramData\1399829032.bdinstall.bin
[2014.05.11 19:28:12 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2014.05.11 19:27:48 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2014.05.11 19:27:48 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2014.05.11 19:27:44 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2014.05.11 19:27:44 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
[2014.05.11 19:27:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014.05.11 19:21:15 | 000,002,021 | ---- | M] () -- C:\Windows\wininit.ini
[2014.05.10 17:54:47 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2014.05.10 13:34:32 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014.05.10 13:34:32 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014.05.10 13:34:32 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014.05.10 13:34:32 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014.05.10 12:37:26 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014.05.10 08:17:11 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014.05.10 08:17:11 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014.05.10 08:17:11 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014.04.30 16:37:13 | 000,000,910 | ---- | M] () -- C:\Windows\wiso.ini
[2014.04.29 07:25:01 | 000,163,199 | ---- | M] () -- C:\Users\Ralf\Desktop\Monterra-Montana-Vergleich.pdf
[2014.04.24 08:29:06 | 000,001,191 | ---- | M] () -- C:\Users\Ralf\Desktop\BaseCamp.lnk
[2014.04.22 02:59:19 | 000,001,565 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2014.04.21 12:27:11 | 000,001,112 | ---- | M] () -- C:\Users\Ralf\Desktop\KeePass 2.lnk
[2014.04.13 00:26:45 | 000,007,604 | ---- | M] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.11 21:51:23 | 000,000,020 | ---- | C] () -- C:\Users\Ralf\defogger_reenable
[2014.05.11 19:28:52 | 000,510,070 | ---- | C] () -- C:\ProgramData\1399829032.bdinstall.bin
[2014.05.11 19:28:12 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2014.05.11 19:27:48 | 000,000,686 | -H-- | C] () -- C:\bdr-cf01
[2014.05.11 19:27:44 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2014.05.11 19:27:44 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
[2014.05.11 19:27:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014.05.11 19:25:11 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2014.05.11 19:25:11 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2014.05.11 19:25:10 | 046,879,860 | -H-- | C] () -- C:\bdr-im01.gz
[2014.05.11 19:25:10 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2014.05.10 17:54:47 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2014.04.24 08:29:06 | 000,001,191 | ---- | C] () -- C:\Users\Ralf\Desktop\BaseCamp.lnk
[2014.04.21 12:27:11 | 000,001,112 | ---- | C] () -- C:\Users\Ralf\Desktop\KeePass 2.lnk
[2014.04.14 08:19:16 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000.job
[2014.04.13 00:26:45 | 000,007,604 | ---- | C] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[[2014.01.08 04:32:34 | 000,001,680 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
[2014.01.08 04:32:29 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2014.01.08 04:32:29 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2013.11.17 02:32:18 | 000,000,131 | ---- | C] () -- C:\Windows\bfe_prog.ini
[2013.11.16 23:58:29 | 000,000,037 | -HS- | C] () -- C:\Users\Ralf\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.10.10 12:07:14 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.09.13 18:44:53 | 000,003,584 | ---- | C] () -- C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.27 13:51:59 | 000,002,021 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.09 22:41:04 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013.02.09 22:41:04 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013.02.09 22:41:04 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013.02.09 22:41:04 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013.02.09 22:41:04 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013.02.09 22:41:04 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013.02.09 22:41:04 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013.02.09 22:41:04 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013.02.09 22:41:04 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013.02.09 22:41:04 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013.02.09 22:41:04 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013.02.09 22:41:04 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013.02.09 22:41:04 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013.02.09 22:41:04 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013.02.09 22:41:04 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013.02.09 22:41:04 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013.02.09 22:41:04 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013.02.09 22:41:04 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013.02.09 22:41:04 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.12.28 11:59:29 | 000,000,218 | ---- | C] () -- C:\Users\Ralf\.recently-used.xbel
[2012.10.29 11:12:13 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2012.10.29 11:12:13 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2012.10.29 11:12:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2012.10.29 11:12:13 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2012.10.29 11:12:13 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2012.10.29 11:12:13 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2012.10.29 11:12:13 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2012.10.29 11:12:13 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2012.10.29 11:12:13 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2012.10.29 11:12:13 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2012.10.29 11:12:13 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2012.10.29 11:12:13 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2012.10.29 11:12:13 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2012.10.29 11:12:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2012.10.29 11:12:12 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2012.10.29 11:12:12 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2012.10.29 11:12:12 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2012.10.29 11:12:12 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2012.10.29 11:12:12 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2012.10.29 11:12:12 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2012.10.29 11:12:12 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2012.10.29 11:11:45 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2012.10.29 11:11:45 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2012.07.13 01:41:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.07 22:45:57 | 000,054,140 | ---- | C] () -- C:\Users\Ralf\install.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.09.13 09:24:14 | 097,443,711 | ---- | M] ()(C:\Windows\SysWow64\???¤) -- C:\Windows\SysWow64\႕⫠轜¤
[2013.09.12 19:07:55 | 097,443,711 | ---- | C] ()(C:\Windows\SysWow64\???¤) -- C:\Windows\SysWow64\႕⫠轜¤

< End of report >
--- --- ---

schrauber 12.05.2014 06:52
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


tett 12.05.2014 08:27
Hi Schrauber, vielen Dank für die schnelle Antwort.
Anbei die logs und :dankeschoen:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Ralf (administrator) on XPS17-SSD on 12-05-2014 09:17:32
Running from C:\Users\Ralf\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
( ) C:\Windows\System32\lxebcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [540992 2011-11-04] (NVIDIA Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-25] (Bitdefender)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [Logitech SetPointp] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-19] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-15] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-19] (Bitdefender)
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2292069608-270782581-2939998704-1000\...\MountPoints2: {946b192f-96c5-11e1-b05f-806e6f6e6963} - D:\autoRcd.exe
IFEO: [Debugger] logonui.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ralf\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\https-everywhere@eff.org [2014-05-02]
FF Extension: FireShot - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-04]
FF Extension: NO Google Analytics - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-05-10]
FF Extension: Cookie Monster - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2014-04-24]
FF Extension: NoScript - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-24]
FF Extension: Adblock Plus - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\e1ioerkw.default-1390571404132\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-11]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (phonostar Detector) - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Extension: (Google Drive) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (YouTube) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-03]
CHR Extension: (Adblock Plus) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Google-Suche) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-03]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-01-09]
CHR Extension: (backgroundPage) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Google Mail) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-03]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ralf\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-05-11]

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
R2 MSSQL$BSI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 SQLAgent$BSI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$BSI\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-24] (Bitdefender)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [632616 2012-09-20] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [25000 2012-09-20] (DiBcom S.A.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-07-12] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 09:17 - 2014-05-12 09:17 - 00024481 _____ () C:\Users\Ralf\Desktop\FRST.txt
2014-05-12 09:17 - 2014-05-12 09:17 - 00000000 ____D () C:\FRST
2014-05-12 08:45 - 2014-05-12 08:45 - 02066944 _____ (Farbar) C:\Users\Ralf\Desktop\FRST64.exe
2014-05-12 08:26 - 2014-05-12 08:26 - 00000056 _____ () C:\Windows\setupact.log
2014-05-12 08:26 - 2014-05-12 08:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 02:34 - 2014-05-12 03:05 - 00000481 _____ () C:\Windows\system32\checkdnsid.xml
2014-05-11 23:20 - 2014-05-11 23:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 22:44 - 2014-05-11 22:44 - 00002346 _____ () C:\Users\Ralf\Desktop\aswMBR.txt
2014-05-11 21:51 - 2014-05-11 21:51 - 00000020 _____ () C:\Users\Ralf\defogger_reenable
2014-05-11 21:42 - 2014-05-11 21:42 - 00000385 _____ () C:\Users\Ralf\AppData\Roaminguser_gensett.xml
2014-05-11 19:36 - 2014-05-11 19:36 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-05-11 19:28 - 2014-05-11 19:28 - 00510070 _____ () C:\ProgramData\1399829032.bdinstall.bin
2014-05-11 19:28 - 2014-05-11 19:28 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-05-11 19:27 - 2014-05-11 20:07 - 00000686 ____H () C:\bdr-cf01
2014-05-11 19:27 - 2014-05-11 19:27 - 00002193 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-05-11 19:27 - 2014-05-11 19:27 - 00002074 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____D () C:\ProgramData\BDLogging
2014-05-11 19:27 - 2013-12-02 11:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-05-11 19:27 - 2013-12-02 11:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-05-11 19:27 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-05-11 19:27 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-05-11 19:27 - 2013-02-22 18:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2014-05-11 19:27 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-11 19:27 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-05-11 19:25 - 2014-05-11 19:27 - 00253404 ____H () C:\bdr-ld01
2014-05-11 19:25 - 2014-05-11 19:27 - 00009216 ____H () C:\bdr-ld01.mbr
2014-05-11 19:25 - 2014-05-11 19:25 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Bitdefender
2014-05-11 19:25 - 2013-09-24 15:38 - 46879860 ____H () C:\bdr-im01.gz
2014-05-11 19:25 - 2013-08-13 12:38 - 03271472 ____H () C:\bdr-bz01
2014-05-11 19:24 - 2014-05-11 19:36 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-05-11 19:24 - 2014-05-11 19:28 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-05-11 19:24 - 2014-05-11 19:24 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-11 19:24 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-05-11 19:24 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-05-11 19:24 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-05-11 19:24 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-05-11 19:23 - 2014-05-11 19:23 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\QuickScan
2014-05-11 19:15 - 2014-05-11 19:15 - 00000186 _____ () C:\Users\Ralf\Desktop\bitdefnder.txt
2014-05-11 16:39 - 2014-05-11 19:24 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-05-10 17:54 - 2014-05-10 17:54 - 00001257 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-05-10 17:54 - 2014-05-10 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-05-10 17:54 - 2014-05-10 17:54 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-10 16:14 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-10 16:14 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-10 16:14 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-10 16:14 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-10 13:34 - 2014-05-10 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 08:17 - 2014-05-10 08:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-10 08:17 - 2014-05-10 08:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-04 15:41 - 2014-05-04 16:04 - 00000000 ____D () C:\Users\Ralf\Desktop\!Udis-HH
2014-05-02 11:33 - 2014-05-04 07:51 - 00000000 ____D () C:\Users\Ralf\Desktop\HH
2014-05-01 18:52 - 2014-05-04 15:07 - 00000000 ____D () C:\Users\Ralf\Desktop\Udis Recherche
2014-04-29 10:27 - 2014-04-29 10:27 - 00008355 _____ () C:\Users\Ralf\Desktop\UDIS-IHV.xlsx
2014-04-28 00:06 - 2014-04-28 00:03 - 00002187 _____ () C:\Users\Ralf\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-24 08:29 - 2014-04-24 08:29 - 00001191 _____ () C:\Users\Ralf\Desktop\BaseCamp.lnk
2014-04-22 10:50 - 2014-04-22 10:50 - 00000000 __SHD () C:\Users\Ralf\AppData\Local\EmieUserList
2014-04-22 10:50 - 2014-04-22 10:50 - 00000000 __SHD () C:\Users\Ralf\AppData\Local\EmieSiteList
2014-04-22 03:28 - 2014-04-22 03:28 - 02787006 _____ () C:\Users\Ralf\Downloads\fritzbox-vcc16_22.04.14_0327.eth
2014-04-22 03:01 - 2014-04-22 03:01 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Wireshark
2014-04-22 02:59 - 2014-04-22 02:59 - 00001565 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-04-22 02:59 - 2014-04-22 02:59 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-22 02:55 - 2014-04-22 02:56 - 27997568 _____ (Wireshark development team) C:\Users\Ralf\Downloads\Wireshark-win64-1.10.6.exe
2014-04-21 14:16 - 2014-04-21 15:50 - 00000000 ____D () C:\Users\Ralf\AppData\Local\KeePass
2014-04-21 12:27 - 2014-05-12 03:16 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\KeePass
2014-04-21 12:27 - 2014-04-21 15:45 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-04-21 12:27 - 2014-04-21 12:27 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-04-21 12:27 - 2014-04-21 12:27 - 00001112 _____ () C:\Users\Ralf\Desktop\KeePass 2.lnk
2014-04-17 15:55 - 2014-04-17 15:55 - 00000000 ____D () C:\Users\Ralf\Desktop\UDIS
2014-04-16 08:55 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 08:55 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 08:55 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 08:55 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 08:55 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 08:55 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 08:55 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 08:55 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 08:55 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 08:55 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 08:55 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 08:55 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 08:55 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 08:55 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 08:55 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 08:55 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 08:55 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 08:55 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 08:55 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 08:55 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 08:55 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 08:55 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 08:55 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 08:55 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 08:55 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 08:55 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 08:55 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 08:55 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 08:55 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 08:55 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 08:55 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 08:55 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 08:55 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 08:55 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 08:55 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 08:55 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 08:55 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 08:55 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 08:55 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 08:55 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 08:55 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 08:55 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 08:55 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 08:55 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 22:32 - 2014-04-14 22:46 - 00000000 ____D () C:\Users\Ralf\Desktop\konzept
2014-04-14 17:09 - 2014-04-14 17:09 - 00001263 _____ () C:\Users\Ralf\Desktop\1.txt
2014-04-14 08:19 - 2014-05-12 08:31 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000.job
2014-04-14 08:19 - 2014-04-14 12:05 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Citrix
2014-04-14 08:19 - 2014-04-14 08:19 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000
2014-04-14 08:19 - 2014-04-14 08:19 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-13 00:26 - 2014-05-12 03:15 - 00007606 _____ () C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
2014-04-12 22:03 - 2014-04-12 22:03 - 00012991 _____ () C:\Users\Ralf\Desktop\JDownloader2.exe - Verknüpfung.lnk
2014-04-12 21:44 - 2014-04-13 11:47 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Garmin
2014-04-12 21:44 - 2014-04-12 21:44 - 00000000 ____D () C:\Users\Ralf\AppData\Local\GARMIN_Corp

==================== One Month Modified Files and Folders =======

2014-05-12 09:17 - 2014-05-12 09:17 - 00024481 _____ () C:\Users\Ralf\Desktop\FRST.txt
2014-05-12 09:17 - 2014-05-12 09:17 - 00000000 ____D () C:\FRST
2014-05-12 09:16 - 2012-10-03 20:05 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 08:58 - 2012-07-12 23:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 08:45 - 2014-05-12 08:45 - 02066944 _____ (Farbar) C:\Users\Ralf\Desktop\FRST64.exe
2014-05-12 08:33 - 2013-02-23 14:11 - 01056566 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 08:33 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 08:33 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 08:32 - 2012-10-03 20:05 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 08:31 - 2014-04-14 08:19 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000.job
2014-05-12 08:30 - 2012-05-06 03:16 - 00677036 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 08:30 - 2012-05-06 03:16 - 00140176 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 08:30 - 2009-07-14 07:13 - 01557784 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 08:26 - 2014-05-12 08:26 - 00000056 _____ () C:\Windows\setupact.log
2014-05-12 08:26 - 2014-05-12 08:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 08:26 - 2012-05-07 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 08:26 - 2012-05-07 22:46 - 00059146 _____ () C:\SUService.log
2014-05-12 08:26 - 2012-05-05 17:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-12 08:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 03:16 - 2014-04-21 12:27 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\KeePass
2014-05-12 03:15 - 2014-04-13 00:26 - 00007606 _____ () C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
2014-05-12 03:11 - 2012-05-10 22:31 - 00000000 ____D () C:\Users\Ralf\Documents\ccleaner Sicherungen
2014-05-12 03:05 - 2014-05-12 02:34 - 00000481 _____ () C:\Windows\system32\checkdnsid.xml
2014-05-11 23:21 - 2012-07-12 23:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-11 23:21 - 2012-05-10 22:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-11 23:21 - 2012-05-10 22:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-11 23:20 - 2014-05-11 23:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 22:44 - 2014-05-11 22:44 - 00002346 _____ () C:\Users\Ralf\Desktop\aswMBR.txt
2014-05-11 21:51 - 2014-05-11 21:51 - 00000020 _____ () C:\Users\Ralf\defogger_reenable
2014-05-11 21:51 - 2012-05-05 17:21 - 00000000 ____D () C:\Users\Ralf
2014-05-11 21:42 - 2014-05-11 21:42 - 00000385 _____ () C:\Users\Ralf\AppData\Roaminguser_gensett.xml
2014-05-11 20:07 - 2014-05-11 19:27 - 00000686 ____H () C:\bdr-cf01
2014-05-11 19:36 - 2014-05-11 19:36 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-05-11 19:36 - 2014-05-11 19:24 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-05-11 19:28 - 2014-05-11 19:28 - 00510070 _____ () C:\ProgramData\1399829032.bdinstall.bin
2014-05-11 19:28 - 2014-05-11 19:28 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-05-11 19:28 - 2014-05-11 19:24 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-05-11 19:27 - 2014-05-11 19:27 - 00002193 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-05-11 19:27 - 2014-05-11 19:27 - 00002074 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2014-05-11 19:27 - 2014-05-11 19:27 - 00000000 ____D () C:\ProgramData\BDLogging
2014-05-11 19:27 - 2014-05-11 19:25 - 00253404 ____H () C:\bdr-ld01
2014-05-11 19:27 - 2014-05-11 19:25 - 00009216 ____H () C:\bdr-ld01.mbr
2014-05-11 19:25 - 2014-05-11 19:25 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Bitdefender
2014-05-11 19:24 - 2014-05-11 19:24 - 00000000 ____D () C:\Program Files\Bitdefender
2014-05-11 19:24 - 2014-05-11 16:39 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-05-11 19:23 - 2014-05-11 19:23 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\QuickScan
2014-05-11 19:21 - 2013-08-27 13:51 - 00002021 _____ () C:\Windows\wininit.ini
2014-05-11 19:21 - 2013-08-27 13:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-11 19:15 - 2014-05-11 19:15 - 00000186 _____ () C:\Users\Ralf\Desktop\bitdefnder.txt
2014-05-11 19:15 - 2014-01-17 00:11 - 00000000 ____D () C:\Users\Ralf\AppData\Local\JDownloader v2.0
2014-05-11 18:48 - 2012-09-22 14:55 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\vlc
2014-05-11 16:40 - 2013-08-08 17:09 - 00000000 ____D () C:\ProgramData\Avira
2014-05-11 16:26 - 2013-08-04 17:29 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\MediaMonkey
2014-05-10 21:20 - 2012-10-29 11:11 - 00000000 ____D () C:\Program Files (x86)\Lexmark Pro200-S500 Series
2014-05-10 18:27 - 2012-10-29 11:12 - 00016054 _____ () C:\ProgramData\lxebscan.log
2014-05-10 17:54 - 2014-05-10 17:54 - 00001257 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-05-10 17:54 - 2014-05-10 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-05-10 17:54 - 2014-05-10 17:54 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-10 13:34 - 2014-05-10 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 13:34 - 2012-09-08 12:12 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-10 13:34 - 2012-09-08 12:12 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-10 13:34 - 2012-09-08 12:12 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-10 13:34 - 2012-09-08 12:12 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-10 13:34 - 2012-05-05 18:05 - 00000000 ____D () C:\Program Files\Java
2014-05-10 12:37 - 2014-01-09 13:18 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-10 11:25 - 2013-01-04 00:54 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-05-10 09:12 - 2012-06-02 23:09 - 00000000 ____D () C:\Program Files\VirtualCloneDrive
2014-05-10 08:17 - 2014-05-10 08:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-10 08:17 - 2014-05-10 08:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-10 08:17 - 2014-02-08 17:58 - 00002049 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-10 08:17 - 2014-02-08 17:58 - 00002047 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-10 08:17 - 2014-02-08 17:58 - 00002037 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-10 08:17 - 2014-02-08 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-10 08:11 - 2012-10-03 20:05 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 08:11 - 2012-10-03 20:05 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-04 16:39 - 2014-01-12 23:07 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-04 16:30 - 2009-07-14 04:34 - 00000443 _____ () C:\Windows\win.ini
2014-05-04 16:04 - 2014-05-04 15:41 - 00000000 ____D () C:\Users\Ralf\Desktop\!Udis-HH
2014-05-04 15:07 - 2014-05-01 18:52 - 00000000 ____D () C:\Users\Ralf\Desktop\Udis Recherche
2014-05-04 07:51 - 2014-05-02 11:33 - 00000000 ____D () C:\Users\Ralf\Desktop\HH
2014-04-30 16:37 - 2012-07-29 15:08 - 00000910 _____ () C:\Windows\wiso.ini
2014-04-29 16:01 - 2014-05-10 16:14 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-10 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-10 16:14 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-10 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 10:27 - 2014-04-29 10:27 - 00008355 _____ () C:\Users\Ralf\Desktop\UDIS-IHV.xlsx
2014-04-28 00:03 - 2014-04-28 00:06 - 00002187 _____ () C:\Users\Ralf\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-04-25 07:33 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-24 08:29 - 2014-04-24 08:29 - 00001191 _____ () C:\Users\Ralf\Desktop\BaseCamp.lnk
2014-04-22 10:50 - 2014-04-22 10:50 - 00000000 __SHD () C:\Users\Ralf\AppData\Local\EmieUserList
2014-04-22 10:50 - 2014-04-22 10:50 - 00000000 __SHD () C:\Users\Ralf\AppData\Local\EmieSiteList
2014-04-22 03:28 - 2014-04-22 03:28 - 02787006 _____ () C:\Users\Ralf\Downloads\fritzbox-vcc16_22.04.14_0327.eth
2014-04-22 03:01 - 2014-04-22 03:01 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Wireshark
2014-04-22 02:59 - 2014-04-22 02:59 - 00001565 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-04-22 02:59 - 2014-04-22 02:59 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-22 02:56 - 2014-04-22 02:55 - 27997568 _____ (Wireshark development team) C:\Users\Ralf\Downloads\Wireshark-win64-1.10.6.exe
2014-04-21 15:50 - 2014-04-21 14:16 - 00000000 ____D () C:\Users\Ralf\AppData\Local\KeePass
2014-04-21 15:45 - 2014-04-21 12:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-04-21 12:27 - 2014-04-21 12:27 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-04-21 12:27 - 2014-04-21 12:27 - 00001112 _____ () C:\Users\Ralf\Desktop\KeePass 2.lnk
2014-04-17 15:55 - 2014-04-17 15:55 - 00000000 ____D () C:\Users\Ralf\Desktop\UDIS
2014-04-16 11:53 - 2013-09-27 10:09 - 00000000 ____D () C:\Windows\rescache
2014-04-16 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 08:55 - 2013-08-08 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-16 08:54 - 2012-06-02 13:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-14 22:46 - 2014-04-14 22:32 - 00000000 ____D () C:\Users\Ralf\Desktop\konzept
2014-04-14 17:09 - 2014-04-14 17:09 - 00001263 _____ () C:\Users\Ralf\Desktop\1.txt
2014-04-14 12:05 - 2014-04-14 08:19 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Citrix
2014-04-14 08:19 - 2014-04-14 08:19 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000
2014-04-14 08:19 - 2014-04-14 08:19 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-13 11:47 - 2014-04-12 21:44 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Garmin
2014-04-13 00:25 - 2012-07-28 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-04-13 00:25 - 2012-07-28 23:04 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-04-12 22:03 - 2014-04-12 22:03 - 00012991 _____ () C:\Users\Ralf\Desktop\JDownloader2.exe - Verknüpfung.lnk
2014-04-12 21:44 - 2014-04-12 21:44 - 00000000 ____D () C:\Users\Ralf\AppData\Local\GARMIN_Corp
2014-04-12 21:44 - 2012-07-28 22:59 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\GARMIN
2014-04-12 21:34 - 2012-07-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Garmin

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Default\AppData\Local\Temp\avgnt.exe
C:\Users\Default User\AppData\Local\Temp\avgnt.exe
C:\Users\Ralf\AppData\Local\Temp\install_flash_player_ax.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 09:44

==================== End Of Log ============================
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Ralf at 2014-05-12 09:18:03
Running from C:\Users\Ralf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Anti-Twin (Installation 11.01.2014) (HKLM-x32\...\Anti-Twin 2014-01-11 13.25.31) (Version:  - Joerg Rosenthal, Germany)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
calibre 64bit (HKLM\...\{E7329553-0C6D-40C0-842A-16B2716497EC}) (Version: 1.19.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3243 - CDBurnerXP)
CrystalDiskMark 3.0.2e Shizuku Edition (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1012 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.1012 - CyberLink Corp.) Hidden
CyberLink True Love_16_9 (HKLM-x32\...\InstallShield_{1EC8CE10-0A3A-4C42-AC0D-3449520CD317}) (Version: 1.0 - CyberLink Corp.)
CyberLink True Love_16_9 (x32 Version: 1.0 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DrEditHD (remove only) (HKLM-x32\...\DrEditHD) (Version:  - )
DVBViewer TERRATEC Edition (HKLM-x32\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
FreeFileSync 6.1 (HKLM-x32\...\FreeFileSync) (Version: 6.1 - Zenju)
Freizeitkarte_DEU (Ausgabe 14.03) (HKLM-x32\...\Freizeitkarte_DEU) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v6 PRO (HKLM-x32\...\{A501E1DE-2D39-4A63-B05D-A0C196452309}) (Version: 6.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version:  - Friedemann Schmidt)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.43.5119 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
GSTOOL (HKLM-x32\...\{067C81F6-EB50-475B-AEED-229BEE58293A}) (Version: 4.5 - Bundesamt für Sicherheit in der Informationstechnik)
HotkeyPro 2.0.13284.420 (HKLM\...\HotkeyPro) (Version: 2.0.13284.420 - Digital Dynamic)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IT-Sicherheit (HKLM-x32\...\IT-Sicherheit) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
LAV Filters 0.53.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.53.2 - Hendrik Leppkes)
Lazesoft Recovery Suite version 3.4 Home Edition (HKLM-x32\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.4 - Lazesoft)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Lotus Notes 8.5.3 de (HKLM-x32\...\{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}) (Version: 8.53.11286 - IBM)
LUMIX Map Tool (HKLM-x32\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.00.0000 - Panasonic Corporation)
LUMIX Map Tool (x32 Version: 1.00.0000 - Panasonic Corporation) Hidden
Malwarebytes Anti-Malware Version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPlayer für Windows (Full Package) (HKLM-x32\...\{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}) (Version:  - LoRd MuldeR)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.21 (Version: 1.5.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8577 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.77 (Version: 285.77 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.5.21 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
phonostar-Player Version 3.02.5 (HKLM-x32\...\phonostar3RadioPlayer_is1) (Version:  - )
PHOTOfunSTUDIO 8.1 PE (HKLM-x32\...\{5F58EF0F-3E92-49B9-A315-872C65F30F05}) (Version: 8.01.710 - Panasonic Corporation)
PokerTH (HKLM-x32\...\PokerTH 0.9.4) (Version: 0.9.4 - www.pokerth.net)
PolarEditOctagon 1018 v 0.6.2.3 (HKLM-x32\...\{7AA2C7DA-ECDD-46CC-9716-313B0EA050EB}_is1) (Version:  - Polarstern)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
RSDLite (HKLM-x32\...\{EAC93E1D-4807-43E2-B39A-8170B731B7D0}) (Version: 5.6 - Motorola)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
StarMoney (x32 Version: 3.0.2.50 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{34517C06-7386-41EB-B0DA-57B18167FE40}) (Version: 8.0 - Star Finanz GmbH)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.22.0 - Synaptics Incorporated)
TELL ME MORE (HKLM-x32\...\TMM90) (Version:  - )
TERRATEC Cinergy DT USB XS Diversity (64 Bit) (HKLM-x32\...\{715544BD-B49A-40A0-938B-152C5A1D99C3}) (Version: 3.12.00.00 - TERRATEC Electronic GmbH)
THC Codec Patch (HKLM-x32\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
THC codec patch (HKLM-x32\...\{667774E0-26BB-4194-9854-656A8DC5337B}) (Version: 1.00.0000 - TERRATEC)
Tilgungsplaner Professional  7 (HKLM-x32\...\{4F5C17F0-0CD3-4DB3-81CB-8138788F8D2A}) (Version: 7.2.2.206 - métier 2000 - Softwareentwicklung GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/10/2009 3.12.0.0) (HKLM\...\2FAC7F7117585E142DED89EB34FB4C6D8A98A092) (Version: 05/10/2009 3.12.0.0 - TerraTec )
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/23/2009 3.12.0.0) (HKLM\...\2515928E07E927502134BBB67FFBDA000C7CE116) (Version: 05/23/2009 3.12.0.0 - TerraTec )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinX DVD Author 6.2 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Wireshark 1.10.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKCU\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{65E2E8EB-E290-456A-8B93-0559271E881D}) (Version: 21.01.8499 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.2.5 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.5 - XMedia Recode)
YTD Video Downloader 3.9.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL) <==== ATTENTION
ZoneAlarm Firewall (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.768.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

02-05-2014 06:57:41 Windows Update
10-05-2014 07:13:15 Removed Motorola Software Update
10-05-2014 07:13:35 Removed Motorola MMCP Drivers Installation 1.0.3
10-05-2014 07:22:45 Removed Oracle VM VirtualBox 4.3.6
10-05-2014 09:25:37 Entfernt Motorola Device Manager
10-05-2014 11:34:24 Installed Java 8 Update 5 (64-bit)
10-05-2014 14:14:38 Windows Update
10-05-2014 15:54:41 Gerätetreiber-Paketinstallation: Elaborate Bytes AG Speichercontroller

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01A2627A-DCA9-48EA-BC55-6E1283A7A910} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {08571089-29B4-47CE-A607-17ABC9E9CA8A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4D2BDF4C-81B4-4B66-B683-C83281A4AF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-04-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A8ED7C3B-4A1F-42C2-AA3B-FD1AE62CC347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.)
Task: {DB3CD1F6-F774-48FE-BA15-3D0DF9DC2AC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2292069608-270782581-2939998704-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-11 19:27 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-05-11 19:27 - 2014-03-27 19:18 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-05-11 19:27 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-05-11 19:27 - 2014-03-27 19:18 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-05-11 19:27 - 2014-03-25 10:53 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpbr.mdl
2014-05-11 19:27 - 2014-03-25 10:53 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpdsp.mdl
2014-05-11 19:27 - 2014-03-25 10:53 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpph.mdl
2014-05-11 19:27 - 2014-03-25 10:53 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttprbl.mdl
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-10-29 11:13 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2012-05-16 23:41 - 2010-08-19 17:43 - 00386344 ____N () C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-05-05 17:46 - 2011-07-19 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-06 00:08 - 2011-01-13 10:44 - 00232800 ____N () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-02-18 14:14 - 2014-02-18 14:14 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-05-05 17:43 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Ralf\Desktop\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 PE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 8.1 PE.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ralf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ralf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk => C:\Windows\pss\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
MSCONFIG\startupreg: Bitdefender-Geldbörse-Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_41A14711F994142C0CBF0BA254561EA4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotkeyMaster => C:\Program Files\Digital Dynamic\HotkeyPro\hotkeypro.exe -m
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: lxebmon.exe => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
MSCONFIG\startupreg: phonostar-PlayerTimer => "C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 08:26:25 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 08:26:24 AM) (Source: MSSQL$BSI) (User: ) (EventID: 19011)
Description: FillAddress(MSAFD-Tcpip [TCP/IPv6]) : Error 0

Error: (05/11/2014 10:58:52 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e41b
ID des fehlerhaften Prozesses: 0x1a64
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:38:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x1960
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:37:58 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x1a68
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:18:22 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x1b44
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:16:09 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0xdd0
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:15:24 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (05/11/2014 10:04:32 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 10:04:32 PM) (Source: MSSQL$BSI) (User: ) (EventID: 19011)
Description: FillAddress(MSAFD-Tcpip [TCP/IPv6]) : Error 0


System errors:
=============
Error: (05/12/2014 08:26:24 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/12/2014 08:26:24 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.

Error: (05/12/2014 08:26:18 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/12/2014 03:15:27 AM) (Source: Service Control Manager) (User: ) (EventID: 7031)
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/12/2014 02:08:18 AM) (Source: Server) (User: ) (EventID: 2505)
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1963D1DE-1F51-4E5D-B094-EF84D9234DE4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (05/12/2014 02:08:16 AM) (Source: Server) (User: ) (EventID: 2505)
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1963D1DE-1F51-4E5D-B094-EF84D9234DE4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (05/12/2014 02:08:06 AM) (Source: Server) (User: ) (EventID: 2505)
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1963D1DE-1F51-4E5D-B094-EF84D9234DE4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (05/11/2014 10:04:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/11/2014 10:04:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxebCATSCustConnectService erreicht.

Error: (05/11/2014 10:04:30 PM) (Source: Service Control Manager) (User: ) (EventID: 7003)
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-01-09 12:53:56.729
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\wdrvtd64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 12:00:28.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\wdrvtd64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 04:19:47.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\wdrvtd64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 04:02:08.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\wdrvtd64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 15:38:03.781
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 15:13:30.693
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 15:03:30.663
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 13:38:13.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 13:08:08.319
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 13:01:06.773
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8086.17 MB
Available physical RAM: 5819.79 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13665.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.24 GB) (Free:33.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:7.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Daten) (Fixed) (Total:679 GB) (Free:416.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: B5934CC9)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 12.05.2014 17:46
1) Antivir is scheisse
2) Du hast zuviel Security drauf, weg mit ZoneAlarm
3) alles entfernt? Deinstallier mal VirtualCloneDrive, mal sehen ob Antivir dann immer noch meckert ;)

tett 13.05.2014 18:12
Hi Schrauber,
:dankeschoen: für die Tipps!
CloneDrive, VirtualBox, ZoneAlarm hab ich deinstalliert und den defogger ausgeführt, aber Antivir zeigt weiterhin hartnäckig den versteckten Treiber etc. an :heulen:
Sind denn meine bisherigen logs ok, also ohne verdächtige Einträge?
Und ist Bitdefender inet Security ok? bzw welche Firewall Antivirussoftware empfiehlst Du?
VG
tett

schrauber 14.05.2014 19:07
Logs sind sauber.

Aber wir schauen nochmal genauer:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Mit Bitdefender Internet Security ist ne FIrewall dabei.

tett 15.05.2014 23:20
Hi Schrauber,

anbei das mbar-log. Nix gefunden, also nach all den befundlosen Scans muss mein System doch sauber sein und antivir ist halt an der Stelle "versteckte Treiber" nicht wissend genug ..., oder ?

Dann habe ich noch zwei Fragen:
1. Ich wollte spenden (denn das trojaner-board und dein Service sind klasse) und kann lesen ;)...die Frage dazu: warum steht überall, auch bei PayPal "Abo", obwohl es doch keins ist? Die ganzen stänigen Warnmeldungen zu Abos haben mich anscheinend auch schon ganz kirre gemacht, sorry!
2. der Bitdefender Virus-Scan meldet, dass eine Dateien nicht gescannt werden konnte, weil sie passwortgeschützt ist:
Datei: C:\Program Files (x86)\InstallShield Installation Information\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\SupportFiles.7z=>Product.ico
Jetzt will ich die "Deinstallations-Datei" nicht einfach löschen. Weißt Du, ob so etwas gefährlich sein kann bzw. wie ich den Passwortschutz weg bekomme? (hab dazu nix sinniges googlen können)

:dankeschoen:
und VG, tett

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.14.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17105
Ralf :: XPS17-SSD [administrator]

15.05.2014 07:43:21
mbar-log-2014-05-15 (07-43-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365795
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Info-Update:
1. Bitdefender hat nach und nach mein System massiv verlangsamt, also vor allem Firefox (alles ruckelte nur noch)
- habe es deinstalliert und teste jetzt Kaspersky - das System ist wieder fix wie zuvor !
Keine Ahnung, warum 2 Testsieger so unterschiedlich laufen

2. Vor der Installation von Kaspersky habe ich mal so aus reiner Neugier Antivir frisch runtergeladen, installiert und gescannt. Und ich wäre fast vom Stuhl gekippt, nun hat auch Antivir keine versteckten Objekte, Treiber und Speicherveränderungen mehr :crazy: obwohl ich ja keine Funde mit Bitdefender, Kaspersky und den diversen Tools hatte. Also habe ich auch nichts entfernt. Jedoch habe ich etwas aufgeräumt und habe Windows von ca. 4 GB alten Updatedateien und einigen Wiederherstellungspunkten befreit - nach allen Virenscans ohne Befund-. Kann es das gewesen sein?:wtf:

Fazit: Warum auch immer, "das Ding scheint durch zu sein" und Bitdefender ist sch***e

schrauber 16.05.2014 12:55
Dieser eine Fund ist eine Systemdatei, das muss so sein. Also Finger weg :)

also in meinem Link zur Spende steht eindeutig dass es kein Abo is :)


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

tett 19.05.2014 09:43
Hi Schrauber,
klasse Anleitung :daumenhoc, also habe ich jetzt das Wichtigste getan:
- Die Anleitung abgearbeitet
- gespendet

:dankeschoen: für die super Hilfe!!!

Dann noch einige Anmerkungen und 3 (hoffentlich letzte) Fragen:
Von Deinen Tipps zur Absicherung des Systems hatte ich glücklicherweise schon ne ganze Menge berücksichtigt,
so z.B. die don'ts, Firefox (mit noscript, adblockPlus UND auch noch https everywhere und Cookie Monster), regelmäßiges Windows-Update usw.

Sehr praktisch sind TFC und Secunia und Filepony.de kannte ich auch noch nicht (und natürlich die diversen jetzt gelöschten Analysetools auch nicht).

Noch mal richtig nacharbeiten muss ich Deinen Punkt "Sicheres Browsen", hatte ich jetzt noch keine Zeit, bin ich nur mal kurz drüber geflogen (s. Frage 3).
Dann werde ich mir auch noch eine kleine "Wartungsanleitung" schreiben, damit das alles nicht wieder in der Versenkung verschwindet.


So, dann habe ich noch 3 Fragen:
1. zu "Halte dich fern von jedlichen Registry Cleanern."
Ich benutze den ccleaner, der von überall hoch gelobt wird und auch bei Fileponey gelistet ist (s. dazu Frage 2). Ich habe die Meinung auf Miekemoes Blogspot gelesen und die ist für mich auch nachvollziehbar. Allerdings dachte ich bislang immer, der ccleaner macht das schon richtig, ich habe nicht wirklich tiefere Kenntnisse von der Reg und lasse ccleaner ja Sicherungen erstellen. Jetzt bin ich etwas verunsichert:
- Soll ich den ccleaner zum RegCleanen echt nicht mehr einsetzen und somit die Reg sich selbst überlassen oder was ist die Alternative ?

2. zu Fileponey:
Ich gehe davon aus, dass die dort erhältliche Software frei von Viren und Malware ist.
- Ist es aber auch immer "gute" Software - siehe das "Problem" mit den RegCleanern -?-

3. Zu "Sicheres Browsen"
Hierzu befürchte ich immer, dass das Browsen dann auch einfach zu langsam wird. Bei Verwendung von noscript ist es absolut spürbar.
- Wie ist bei den von Dir genannten Tools SpywareBlaster und MVPs hosts file?
Auch überschneiden sich die Tools/Add-ons teilweise in ihrer Funktionalität.
- Was wäre also Deiner Meinung nach die ideale Kombi dieser Tools/Add-ons für Schutz ohne zu hohe Performanceeinbuße?

VG
Ralf

schrauber 20.05.2014 08:42
Zitat:
- Soll ich den CCleaner zum RegCleanen echt nicht mehr einsetzen und somit die Reg sich selbst überlassen oder was ist die Alternative ?
Nein! Finger weg von der Registry. Du gewinnst dadurch gar nix, ausser nen getoasteten rechner. Temps leeren mit Ccleaner kannste aber machen.
Zitat:
2. zu Fileponey:
Ich gehe davon aus, dass die dort erhältliche Software frei von Viren und Malware ist.
- Ist es aber auch immer "gute" Software - siehe das "Problem" mit den RegCleanern -?-
Die Seite ist von uns. Dort findest du eigentlich alles was du brauchst, wir arbeiten auch nicht wie andere mit einem Downloadmanager, der Dir noch irgend nen Scheiss mit installieren will. Wenn Dir dort was fehlt an Software einfach bescheid geben :)
Zitat:
Was wäre also Deiner Meinung nach die ideale Kombi dieser Tools/Add-ons für Schutz ohne zu hohe Performanceeinbuße?
NoScript zieht Performance? Hör ich zum ersten Mal, noch nie was von gemerkt. Noscript und Adblock Plus, oder noch besser Adblock Edge, das sollte schon passen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131