Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Echtzeitscanner erkennt 'TR/Patched.Ren.Gen - Outlook startet nicht (https://www.trojaner-board.de/156205-echtzeitscanner-erkennt-tr-patched-ren-gen-outlook-startet.html)

Aldermann 07.07.2014 18:38
Echtzeitscanner erkennt 'TR/Patched.Ren.Gen - Outlook startet nicht
 
EDIT: Win 7 (kann leider Thema nicht editieren)



Hallo zusammen,

ich lag für 10 Wochen im KH; hab mir evtl durch verzögerte Updates den Trojaner gezogen.
Komischerweise stürzt auch nun Ouitlook bei der Serververbindung ab. Evtl gibt's nen Zusammenhang.

Im abgesicherten + Inetverbindung, stürzte der Rechner nachdem ich RKill laufen ließ beim Scan mit Malwareantibytes ab.

Hab vor paar Tagen JRT laufen lassen und Adaware. Angefangen haben die Meldungen am 25.06. nachdem TR/Crypt.XPACK.Gen2 aufgespürt wurde und nicht mehr in Erscheinung trat.


Blockiert der Trojaner auch das Outlook oder ist das nur zufällig?

Wie bekomm ich den weg?


JRT

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 07/07/2014 (Marcel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-07 18:13:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.008B000B 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\uwdiypog.sys


---- System - GMER 2.1 ----

SSDT    93D9C716                                                                                                                                                                                                                                                              ZwCreateSection
SSDT    93D9C720                                                                                                                                                                                                                                                              ZwRequestWaitReplyPort
SSDT    93D9C71B                                                                                                                                                                                                                                                              ZwSetContextThread
SSDT    93D9C725                                                                                                                                                                                                                                                              ZwSetSecurityObject
SSDT    93D9C72A                                                                                                                                                                                                                                                              ZwSystemDebugControl
SSDT    93D9C6B7                                                                                                                                                                                                                                                              ZwTerminateProcess

Code    90E04BFC                                                                                                                                                                                                                                                              ZwTraceEvent
Code    90E04BFB                                                                                                                                                                                                                                                              NtTraceEvent

---- Kernel code sections - GMER 2.1 ----

.text    ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                                                                                                                                                              834389A5 1 Byte  [06]
.text    ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                                                                83458512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text    ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                                                                                                                                                                    8345FAB4 4 Bytes  [16, C7, D9, 93]
.text    ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                                                                                                                                                                    8345FE10 4 Bytes  [20, C7, D9, 93]
.text    ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                                                                                                                                                                    8345FE54 4 Bytes  [1B, C7, D9, 93]
.text    ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                                                                                                                                                                    8345FED0 4 Bytes  [25, C7, D9, 93]
.text    ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                                                                                                                                                                    8345FF24 4 Bytes  [2A, C7, D9, 93]
.text    ...                                                                                                                                                                                                                                                                   
.text    ntoskrnl.exe!NtTraceEvent                                                                                                                                                                                                                                              83478D9C 5 Bytes  JMP 90E04C00
PAGE    ntoskrnl.exe!NtRequestPort + 2                                                                                                                                                                                                                                        83641E61 5 Bytes  JMP 90E04CA0
PAGE    ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2                                                                                                                                                                                                                            8364FDDD 5 Bytes  JMP 90E04DE0

---- User code sections - GMER 2.1 ----

.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtClose                                                                                                                                772A5508 5 Bytes  JMP 651AF270 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtCreateFile                                                                                                                          772A5608 5 Bytes  JMP 651BA133 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtCreateKey                                                                                                                            772A5648 5 Bytes  JMP 651AFB12 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtCreateKeyTransacted                                                                                                                  772A5668 5 Bytes  JMP 651AFBB4 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtDeleteFile                                                                                                                          772A5848 5 Bytes  JMP 651BA32B c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtDeleteKey                                                                                                                            772A5858 5 Bytes  JMP 651AD785 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtDeleteValueKey                                                                                                                      772A5888 5 Bytes  JMP 651AE36B c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtDuplicateObject                                                                                                                      772A58D8 5 Bytes  JMP 651AEE45 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtEnumerateKey                                                                                                                        772A5928 5 Bytes  JMP 651AD9B1 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtEnumerateValueKey                                                                                                                    772A5958 5 Bytes  JMP 651AE00D c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtFlushKey                                                                                                                            772A59C8 5 Bytes  JMP 651AD89B c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtNotifyChangeKey                                                                                                                      772A5CA8 5 Bytes  JMP 651AE7F8 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                            772A5CB8 5 Bytes  JMP 651AE994 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtOpenFile                                                                                                                            772A5D18 5 Bytes  JMP 651BA2EE c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtOpenKey                                                                                                                              772A5D48 5 Bytes  JMP 651AF8D2 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtOpenKeyEx                                                                                                                            772A5D58 5 Bytes  JMP 651AF95F c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtOpenKeyTransacted                                                                                                                    772A5D78 5 Bytes  JMP 651AFA82 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtOpenKeyTransactedEx                                                                                                                  772A5D88 5 Bytes  JMP 651AF9EF c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryAttributesFile                                                                                                                  772A5F78 5 Bytes  JMP 651BA417 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryDirectoryFile                                                                                                                  772A5FD8 5 Bytes  JMP 651BA5E9 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryFullAttributesFile                                                                                                              772A6028 5 Bytes  JMP 651BA500 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryKey                                                                                                                            772A6128 5 Bytes  JMP 651ADB69 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryMultipleValueKey                                                                                                                772A6148 5 Bytes  JMP 651AE66B c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQuerySecurityObject                                                                                                                  772A61E8 5 Bytes  JMP 651AEB58 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtQueryValueKey                                                                                                                        772A6288 5 Bytes  JMP 651ADE5A c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtRenameKey                                                                                                                            772A6408 5 Bytes  JMP 651AE4E3 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtSetInformationFile                                                                                                                  772A6678 5 Bytes  JMP 651BACCC c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtSetInformationKey                                                                                                                    772A6698 5 Bytes  JMP 651ADD12 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtSetSecurityObject                                                                                                                    772A6798 5 Bytes  JMP 651AECDA c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ntdll.dll!NtSetValueKey                                                                                                                          772A6848 5 Bytes  JMP 651AE1B5 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] kernel32.dll!CreateProcessW                                                                                                                      75BF204D 5 Bytes  JMP 651935DA c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] kernel32.dll!CreateProcessA                                                                                                                      75BF2082 5 Bytes  JMP 65193A3E c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] kernel32.dll!CreateProcessAsUserW                                                                                                                75C25ABF 5 Bytes  JMP 651936F4 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] kernel32.dll!WinExec                                                                                                                            75C7F22E 5 Bytes  JMP 65193938 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ADVAPI32.dll!CreateProcessAsUserA                                                                                                                75A62642 5 Bytes  JMP 65193C4B c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] USER32.dll!RegisterClipboardFormatA                                                                                                              75DDC091 5 Bytes  JMP 5F51BBEE C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] USER32.dll!RegisterClipboardFormatW                                                                                                              75DDDF8D 5 Bytes  JMP 5F517099 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] USER32.dll!BeginPaint                                                                                                                            75DE5D14 5 Bytes  JMP 5F52A336 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] USER32.dll!ValidateRect                                                                                                                          75DFF089 5 Bytes  JMP 5F690F1A C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] SHELL32.dll!SHParseDisplayName                                                                                                                  764F7ED3 5 Bytes  JMP 5F5E8055 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!OleLoadFromStream                                                                                                                      757F6143 5 Bytes  JMP 5FC2C9F2 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoResumeClassObjects + 7                                                                                                              757FEA09 7 Bytes  JMP 651CE7F9 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!OleRun                                                                                                                                758007DE 5 Bytes  JMP 651CE338 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoRegisterClassObject                                                                                                                  758021E1 5 Bytes  JMP 651D1C0C c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!OleUninitialize                                                                                                                        7580EBA1 6 Bytes  JMP 651CE2AF c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!OleInitialize                                                                                                                          7580EFD7 5 Bytes  JMP 651CE267 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoGetClassObject                                                                                                                      758254AD 5 Bytes  JMP 651D0282 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoInitializeEx                                                                                                                        758309AD 5 Bytes  JMP 651CE207 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoUninitialize                                                                                                                        758386D3 5 Bytes  JMP 651D0C96 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoCreateInstance                                                                                                                      75839D0B 5 Bytes  JMP 651D19B3 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoCreateInstanceEx                                                                                                                    75839D4E 5 Bytes  JMP 651CF891 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoSuspendClassObjects + 7                                                                                                              7585BB09 7 Bytes  JMP 651CE380 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoRevokeClassObject                                                                                                                    7587EACF 5 Bytes  JMP 651CFF46 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!CoGetInstanceFromFile                                                                                                                  758B340B 5 Bytes  JMP 651D0D96 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll
.text    c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[5088] ole32.dll!OleRegEnumFormatEtc                                                                                                                    758FCFD9 5 Bytes  JMP 651CE2F0 c:\Program Files\Microsoft Office 15\root\client\AppVIsvSubsystems32.dll

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\0000008e                                                                                                                                                                                                                                        bthport.sys
---- Processes - GMER 2.1 ----

Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** hidden *** ) @ c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5088]                                                            0x5F4F0000                                                                                                                                         
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** hidden *** ) @ c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5088]                                                            0x5D5E0000                                                                                                                                         
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\csi.dll (*** hidden *** ) @ c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5088]                                                            0x56970000                                                                                                                                         
Library  C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** hidden *** ) @ c:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5088]                                                        0x60E80000                                                                                                                                         

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37                                                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37@d875336af7d5                                                                                                                                                                              0x5F 0x89 0x30 0xA4 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37@a8e0184c7159                                                                                                                                                                              0x2E 0x0B 0xDB 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37@60a10afb4e41                                                                                                                                                                              0x47 0x50 0x6D 0xC0 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37@a8e018594c71                                                                                                                                                                              0xCF 0xD2 0x32 0x5C ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf5ca37@5479758c1ff6                                                                                                                                                                              0x56 0x8E 0xA4 0xD1 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37 (not active ControlSet)                                                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37@d875336af7d5                                                                                                                                                                                  0x5F 0x89 0x30 0xA4 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37@a8e0184c7159                                                                                                                                                                                  0x2E 0x0B 0xDB 0x80 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37@60a10afb4e41                                                                                                                                                                                  0x47 0x50 0x6D 0xC0 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37@a8e018594c71                                                                                                                                                                                  0xCF 0xD2 0x32 0x5C ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf5ca37@5479758c1ff6                                                                                                                                                                                  0x56 0x8E 0xA4 0xD1 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\349837A032C1F764289D67EC2B21A8F7@\x20ac\x00b47\0003\0004\09\08\0003\0007\0A\0000\0003\0002\0C\0001\0F\0007\0006\0004\0002\08\09\0D\0006\0007\0E\0C\0002\0B\0pä\xbb\0\26ë\xb7n\r  C:\Windows\Microsoft.NET\FrameworJ????@A?????P#??MZ??????????
Reg      HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{B20AF9AD-76D4-11DF-A1C9-806E6F6E6963}                                                                                                                                                14209128576
Reg      HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{B8412A6C-B4C8-11E0-8334-BF6E39AA4C1F}                                                                                                                                                73022936

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
FRST

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Marcel at 2014-07-07 16:38:50
Running from C:\Users\Marcel\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{4653FE0D-2762-41B6-A757-8C4F00B790C3}) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
Auerswald COMset 2.7.2 (HKLM\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)
Aunsoft Video Converter Ver 1.3.3.3139 (HKLM\...\{E32B6084-FF45-4649-9810-A057E1F49A9C}_is1) (Version:  - )
AVI Splitter (HKLM\...\AVI Splitter_is1) (Version:  - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
calibre (HKLM\...\{8985824A-20E6-499F-97E1-6D20D9ECD869}) (Version: 0.9.24 - Kovid Goyal)
Carcassonne CE (HKLM\...\{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.1.2.13971 - NNG Llc.)
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (Version: 15.0.1166.623 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 1.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
dLAN Cockpit (Version: 1.19.07 - devolo AG) Hidden
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 13.4.0.10136 - Landesfinanzdirektion Thüringen)
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
fotokasten comfort 4.4 (HKLM\...\fotokasten comfort_is1) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Converter (HKLM\...\Free Video Converter) (Version: 1.0.1.4 - Extensoft)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
GonVisor 1.74 (HKLM\...\GonVisor_is1) (Version:  - G.A.A.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Image Resizer Powertoy Clone for Windows (HKLM\...\{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}) (Version: 2.1 - Brice Lambson)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
JDownloader (HKLM\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
JRE 1.6.1 (HKLM\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
Langenscheidt Vokabeltrainer 4.0 Spanisch (HKLM\...\{3584FC37-0562-45AC-B430-70F8EB182EE7}) (Version: 4.0.0 - Langenscheidt)
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Advertising SDK for Windows Phone - ENU (HKLM\...\{656458ED-DA77-4C82-AF2F-1640C191A2A7}) (Version: 5.2.819.0 - Microsoft Corporation)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (Version: 4.0.30816.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM\...\{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}) (Version: 1.0.20817.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (HKLM\...\{12B8E200-99CC-4203-A8D1-4145FC4D0192}) (Version: 2.0.30816.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Configuration Analyzer Tool 1.2 (HKLM\...\{3F2A8BF0-392F-4063-80FC-7A637A45DAB9}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1166.0618 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU (Version: 10.1.40219 - Microsoft Corporation) Hidden
Microsoft Word 2000 SR-1 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (ARP entry) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (HKLM\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Refresh (Redists) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (Shared Components) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio Platform Tools (HKLM\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.19 - mIRC Co. Ltd.)
MKVtoolnix 5.0.1 (HKLM\...\MKVtoolnix) (Version: 5.0.1 - Moritz Bunkus)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 17.0 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 3.1.1.90 - Nokia)
Nokia Ovi Suite (Version: 3.1.1.90 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}) (Version: 02.07.004.45780 - Nokia Corporation)
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA Grafiktreiber 280.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 280.26 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1000.25.170 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 280.26 (Version: 280.26 - NVIDIA Corporation) Hidden
NVIDIA Update 1.4.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.4.28 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.4.28 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.10 (HKLM\...\{8CC64E4E-DD74-421D-B3E9-90044732D1EF}) (Version: 4.3.10 - Oracle Corporation)
Ovi Desktop Sync Engine (Version: 1.5.266.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.72.0 - Nokia) Hidden
PantsOff 2.0 (HKLM\...\{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1) (Version: 2.0 - Christoph Bünger Software)
Paragon Backup & Recovery™ 11 Kompakt (HKLM\...\{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}) (Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.21.0 - Nokia)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Sandboxie 3.64 (32-bit) (HKLM\...\Sandboxie) (Version: 3.64 - SANDBOXIE L.T.D)
ScummVM 1.4.1 (HKLM\...\ScummVM_is1) (Version:  - The ScummVM Team)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Sigil 0.7.1 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Smart Data Recovery v4.4 (HKLM\...\Smart Data Recovery_is1) (Version: 4.4 - Smart PC Solutions)
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
SRWare Iron Version SRWare Iron 35.0.1900.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 35.0.1900.0 - SRWare)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Studie zur Verbesserung von HP Officejet Pro 8100 Produkten (HKLM\...\{C1756136-D72A-4036-8B12-8A696462504D}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TeraCopy 2.2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
TreeSize Free V2.5 (HKLM\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
TVersity Codec Pack 1.7 (HKLM\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB2.0 UVC 1.3M WebCam (HKLM\...\USB2.0 UVC 1.3M WebCam) (Version:  - )
USB2.0 UVC WebCam (HKLM\...\{960C278D-E4F9-41AD-9073-1B663A7E8CAA}) (Version: 7.11.706.001 - D-MAX)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VirtualDubMOD 1.5.10.3 US (HKLM\...\{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1) (Version: 1.5.10.3 - Trad-Fr)
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WCF Data Services SDK for Windows Phone (HKLM\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live SOXE (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Phone SDK 7.1 - ENU (HKLM\...\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU) (Version: 10.1.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Assemblies (HKLM\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
WT-Rate 3.76 (HKLM\...\WT-Rate) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zune (HKLM\...\Zune) (Version: 04.02.0202.00 - Microsoft Corporation)
Zune (Version: 04.02.0202.00 - Microsoft Corporation) Hidden
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DE) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ES) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FR) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IT) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0646B34F-9FBC-4CD1-BAE9-7B047A64A364} - System32\Tasks\{F9209507-77AC-4524-96B4-8035AC9CA90C} => C:\Program Files\Skype\Phone\Skype.exe
Task: {0E387D5A-A385-4DA0-BC74-59B9A9F68873} - System32\Tasks\Microsoft\Office\Office Automatic Updates => c:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {1BC78BA1-C057-4A2F-A47C-8CEC371E290A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {1CF38798-4488-4913-8107-D23942BFFFE7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe [2012-11-01] (Hewlett-Packard Co.)
Task: {23BF65DE-C52B-4B0A-9A40-96D6F2BA5983} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {68853998-577D-4D75-90B4-85AB261CED08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {8169E5D6-E186-46B5-ACAB-0EEB91C9FA49} - System32\Tasks\{4ACD39E3-F159-44B8-9E73-A8C7CEB67AC8} => D:\Nokia_Ovi_Suite_webinstaller_ALL.exe
Task: {9B0D0369-E7F8-47DD-9A9D-88AD50A73333} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ADF53220-43A5-4B3B-BE4E-91930042AD42} - System32\Tasks\InstallShield Software online update program => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: {BA1610C9-A815-4D6B-A4CD-E1D07C3CF6E4} - System32\Tasks\SUPBackground => c:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {C26A87AE-B86A-4D8F-8F90-F9303A3FBB49} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => c:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-20] (Microsoft Corporation)
Task: {CEF26956-57FC-401E-B343-A61AF7C9498C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04] (Adobe Systems Incorporated)
Task: {EFF3E2D4-1C04-4F44-9CB6-F47932380A08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Marcel-PC-Marcel Marcel-PC => c:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-07-23 19:46 - 2010-03-15 11:28 - 00141824 _____ () D:\Program Files\WinRAR\rarext.dll
2011-10-20 14:43 - 2009-07-13 23:50 - 00325120 _____ () c:\Program Files\TeraCopy\TeraCopy.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:A24211BA
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marcel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DBHAgent => D:\Program Files\Paragon Software\Backup and Recovery 11 Kompakt\program\dbhagent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "c:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => c:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SandboxieControl => "c:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 256 aufgerufen werden. Fehlercode 2147942419.

Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 19.

Error: (07/07/2014 01:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be
Name des fehlerhaften Moduls: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ab4b
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xISUSPM.exe0
Pfad der fehlerhaften Anwendung: ISUSPM.exe1
Pfad des fehlerhaften Moduls: ISUSPM.exe2
Berichtskennung: ISUSPM.exe3

Error: (07/06/2014 08:07:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/06/2014 07:00:19 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/05/2014 05:52:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae
Name des fehlerhaften Moduls: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043bed
ID des fehlerhaften Prozesses: 0x1888
Startzeit der fehlerhaften Anwendung: 0xssp7msm.exe0
Pfad der fehlerhaften Anwendung: ssp7msm.exe1
Pfad des fehlerhaften Moduls: ssp7msm.exe2
Berichtskennung: ssp7msm.exe3

Error: (07/05/2014 05:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae
Name des fehlerhaften Moduls: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043bed
ID des fehlerhaften Prozesses: 0xc28
Startzeit der fehlerhaften Anwendung: 0xssp7msm.exe0
Pfad der fehlerhaften Anwendung: ssp7msm.exe1
Pfad des fehlerhaften Moduls: ssp7msm.exe2
Berichtskennung: ssp7msm.exe3

Error: (07/04/2014 11:55:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x537282b1
Name des fehlerhaften Moduls: pstprx32.dll, Version: 15.0.4621.1000, Zeitstempel: 0x536874b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a8608
ID des fehlerhaften Prozesses: 0x4e4
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (07/03/2014 07:41:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 15.0.4623.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fa4

Startzeit: 01cf96e5d40e66fc

Endzeit: 461

Anwendungspfad: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

Berichts-ID: 336649ad-02d9-11e4-b6a2-001377e2cda9

Error: (07/03/2014 07:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x537282b1
Name des fehlerhaften Moduls: pstprx32.dll, Version: 15.0.4621.1000, Zeitstempel: 0x536874b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a8608
ID des fehlerhaften Prozesses: 0x1e2c
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3


System errors:
=============
Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/07/2014 04:33:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT)
Description: 2562147942419

Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT)
Description: pautoenr.dll19

Error: (07/07/2014 01:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISUSPM.exe13.0.0.435754e9664beISUSPM.exe13.0.0.435754e9664bec00000050000ab4bf2001cf976c976d4d96C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeC:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe92ef86aa-05cb-11e4-a1f1-b246f61c6738

Error: (07/06/2014 08:07:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Public\Documents\DriverGenius\Temp\Realtek_HD_Audio_Vista_Win7_Win8_R270\Realtek_HD_Audio_Vista_Win7_Win8_R270\Vista64\MaxxAudioControl64.exe

Error: (07/06/2014 07:00:19 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/05/2014 05:52:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ssp7msm.exe1.1.0.124e11d0aessp7msm.exe1.1.0.124e11d0aec000000500043bed188801cf9869223b0adbC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exeC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exe60cf2298-045c-11e4-a1f1-b246f61c6738

Error: (07/05/2014 05:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ssp7msm.exe1.1.0.124e11d0aessp7msm.exe1.1.0.124e11d0aec000000500043bedc2801cf98690ce1f276C:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exeC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exe4cc87fc7-045c-11e4-a1f1-b246f61c6738

Error: (07/04/2014 11:55:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4623.1000537282b1pstprx32.dll15.0.4621.1000536874b6c0000005000a86084e401cf976e107ef5f8C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEc:\Program Files\Microsoft Office 15\Root\Office15\pstprx32.dll5b9fe805-0361-11e4-a1f1-00242cf5ca37

Error: (07/03/2014 07:41:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE15.0.4623.1000fa401cf96e5d40e66fc461C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE336649ad-02d9-11e4-b6a2-001377e2cda9

Error: (07/03/2014 07:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4623.1000537282b1pstprx32.dll15.0.4621.1000536874b6c0000005000a86081e2c01cf96e5c608cbdfC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEc:\Program Files\Microsoft Office 15\Root\Office15\pstprx32.dll0b8017e5-02d9-11e4-b6a2-001377e2cda9


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3066.62 MB
Available physical RAM: 2262.7 MB
Total Pagefile: 6129.47 MB
Available Pagefile: 5447.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.6 GB) (Free:16.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:44.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DF16504F)
Partition 1: (Active) - (Size=152 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Aldermann 07.07.2014 18:39
FRST log --- hier da sonst zu groß gewesen



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Marcel (administrator) on MARCEL-PC on 07-07-2014 17:41:16
Running from C:\Users\Marcel\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Microsoft Corporation) C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(SRWare) D:\Program Files\SRWare Iron\iron.exe
(SRWare) D:\Program Files\SRWare Iron\iron.exe
(SRWare) D:\Program Files\SRWare Iron\iron.exe
(SRWare) D:\Program Files\SRWare Iron\iron.exe
() D:\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [avgnt] => c:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] ()
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [] => [X]
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [SkyDrive] => C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251048 2014-06-24] (Microsoft Corporation)
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [GoogleChromeAutoLaunch_138BD65B420CFEBE93B2B3E75256C440] => C:\Program Files\SRWare Iron\iron.exe [2278400 2014-01-31] ()
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\MountPoints2: {1a1c229d-ad23-11df-b5d0-00242cf5ca37} - F:\AutoRun.exe
HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [] => [X]
HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [SandboxieControl] => c:\Program Files\Sandboxie\SbieCtrl.exe [451856 2012-02-06] (SANDBOXIE L.T.D)
HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\MountPoints2: {1a1c229d-ad23-11df-b5d0-00242cf5ca37} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Live Streaming Video / Watch Free Live Sport Streams - Live Matches-StreamHunter
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01F7D7484E29CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - c:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - d:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - d:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.1.0 - c:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - c:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin - C:\PROGRA~1\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TVU Web Player - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\firefox@tvunetworks.com [2010-08-15]
FF Extension: FoxyProxy Standard - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\foxyproxy@eric.h.jung [2012-10-30]
FF Extension: Lavasoft Search Plugin - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-22]
FF Extension: YouTube to MP3 - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\youtube2mp3@mondayx.de [2011-08-28]
FF Extension: QuickShare Widget - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{5b6a1955-80e6-4f12-5670-eae98f59190a} [2014-06-24]
FF Extension: DownloadHelper - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-09-17]
FF Extension: Exif Viewer - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2012-07-24]
FF Extension: Embedded Objects - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\firefox@red-cog.com.xpi [2012-01-02]
FF Extension: NoScript - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-01-02]
FF Extension: Adblock Plus - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-02]
FF Extension: BetterPrivacy - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-18]
FF Extension: Skype extension for Firefox - c:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-10-03]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-09-06]
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-09-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Cooliris) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp [2010-06-16]
CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; c:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; c:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; c:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [311184 2013-10-15] (Nuance Communications, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [211216 2009-09-21] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nvUpdatusService; c:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464 2011-08-03] (NVIDIA Corporation)
S3 Paragon System Backup Dienst; D:\Program Files\Paragon Software\Backup and Recovery 11 Kompakt\program\dbhservice.exe [150096 2010-07-14] (Paragon Software Group)
R2 SbieSvc; c:\Program Files\Sandboxie\SbieSvc.exe [74512 2012-02-06] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; c:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; c:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2009-05-03] (Syntek America Inc.)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2910720 2012-05-07] (Qualcomm Atheros Communications, Inc.)
S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [158640 2012-02-14] (Auerswald GmbH & Co.KG                        )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-06-14] (Phoenix Technologies) [File not signed]
S3 EverestDriver; D:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [27760 2010-03-31] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-22] (GFI Software)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [56208 2010-07-14] (Paragon Software Group)
R1 ISODrive; c:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslf3441b58; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FCCE827-3733-4DC0-9B0B-C802DB376C05}\MpKslf3441b58.sys [39464 2014-07-07] (Microsoft Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 SbieDrv; c:\Program Files\Sandboxie\SbieDrv.sys [133392 2012-02-06] (SANDBOXIE L.T.D)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-26] (Avira GmbH)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1436560 2009-07-03] (Syntek)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [37080 2010-07-14] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [395464 2010-07-14] (Paragon)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S4 bmqsqcmq; \??\C:\Windows\system32\drivers\bmqsqcmq.sys [X]
S4 dbctjwpj; \??\C:\Windows\system32\drivers\dbctjwpj.sys [X]
S4 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S4 irwostzd; \??\C:\Windows\system32\drivers\irwostzd.sys [X]
S4 keybtgxh; \??\C:\Windows\system32\drivers\keybtgxh.sys [X]
S1 mekcglui; \??\C:\Windows\system32\drivers\mekcglui.sys [X]
S4 orfuvxuc; \??\C:\Windows\system32\drivers\orfuvxuc.sys [X]
S4 qsrmzjke; \??\C:\Windows\system32\drivers\qsrmzjke.sys [X]
S4 snwrexcs; \??\C:\Windows\system32\drivers\snwrexcs.sys [X]
S4 tpysywyt; \??\C:\Windows\system32\drivers\tpysywyt.sys [X]
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S4 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 17:40 - 2014-07-07 17:40 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 16:38 - 2014-07-07 16:39 - 00048257 _____ () C:\Users\Marcel\Downloads\Addition.txt
2014-07-07 16:36 - 2014-07-07 17:41 - 00023832 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 16:36 - 2014-07-07 17:41 - 00000000 ____D () C:\FRST
2014-07-07 16:36 - 2014-07-07 17:08 - 01074688 _____ (Farbar) C:\Users\Marcel\Downloads\FRST.exe
2014-07-07 16:30 - 2014-07-07 16:31 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill (1).com
2014-07-07 16:05 - 2014-07-07 16:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill.com
2014-07-07 16:02 - 2014-07-07 16:02 - 04161050 _____ () C:\Users\Marcel\Downloads\tdsskiller.zip
2014-07-07 15:45 - 2014-07-07 15:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () c:\Program Files\Malwarebytes Anti-Malware
2014-07-07 15:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 15:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 14:33 - 2014-06-05 20:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marcel\Desktop\TDSSKiller.exe
2014-07-05 17:52 - 2014-07-07 13:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-07-05 10:45 - 2014-07-05 10:46 - 00257464 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-03 19:38 - 2014-07-03 19:38 - 00002717 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-07-03 19:33 - 2014-07-03 19:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 19:24 - 2014-07-03 19:24 - 00000000 ____D () C:\Users\Marcel\AppData\Local\graphicport.net
2014-07-03 19:03 - 2014-07-03 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-03 19:03 - 2014-03-26 20:24 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-03 19:02 - 2014-07-03 19:02 - 00000000 ____D () c:\Program Files\Oracle
2014-07-03 19:02 - 2014-03-26 20:23 - 00104736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-03 18:57 - 2014-07-04 11:47 - 00002156 _____ () C:\Windows\SecuniaPackage.log
2014-07-03 18:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:28 - 2014-07-03 18:28 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-03 18:28 - 2014-07-03 18:28 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Secunia PSI
2014-07-03 18:27 - 2014-07-03 18:27 - 00000000 ____D () c:\Program Files\Secunia
2014-07-02 13:40 - 2014-07-02 13:40 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-02 12:18 - 2014-07-02 12:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Lavasoft
2014-06-25 20:33 - 2014-07-07 17:06 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-25 20:33 - 2014-06-25 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-25 20:32 - 2014-06-25 20:32 - 00000000 ____D () c:\Program Files\Lavasoft
2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () c:\Program Files\Microsoft OffCAT
2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-24 23:23 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-24 23:23 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-24 23:23 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-24 23:23 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-24 23:22 - 2014-06-24 23:23 - 00004551 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieUserList
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieSiteList
2014-06-22 12:15 - 2014-06-22 12:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-21 13:38 - 2014-06-21 13:45 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector smart recovery.lnk
2014-06-21 13:38 - 2014-06-21 13:45 - 00001088 _____ () C:\Users\Public\Desktop\PC Inspector smart recovery.lnk
2014-06-21 13:38 - 2014-06-21 13:38 - 00000000 ____D () c:\Program Files\Convar
2014-06-21 13:38 - 2003-07-18 13:58 - 00516784 ____R (Xceed Software Inc (450) 442-2626 support@xceedsoft.com Xceed Home) C:\Windows\system32\XceedCry.dll
2014-06-21 13:38 - 2002-04-12 13:19 - 00028672 _____ () C:\Windows\system32\DartWeb.oca
2014-06-21 13:38 - 2002-02-28 09:46 - 00217088 _____ (Dart Communications) C:\Windows\system32\DartSock.dll
2014-06-21 13:38 - 2002-02-21 10:12 - 00118784 _____ (Dart Communications) C:\Windows\system32\DartWeb.dll
2014-06-21 13:38 - 2002-02-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msxml4a.dll
2014-06-21 13:38 - 2000-10-02 12:27 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2014-06-21 13:38 - 2000-05-22 00:00 - 00140488 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2014-06-21 13:38 - 1998-06-13 22:53 - 00044544 _____ () C:\Windows\system32\Gif89.dll
2014-06-21 13:31 - 2014-06-21 13:31 - 00002059 _____ () C:\Users\Marcel\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery
2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () c:\Program Files\Smart PC Solutions
2014-06-21 13:26 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\system32\VB5DB.DLL
2014-06-21 13:25 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-21 13:25 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-21 13:25 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-21 13:25 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-21 13:25 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-21 13:25 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-21 13:25 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-21 13:25 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-21 13:25 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-21 13:25 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-21 13:25 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-21 13:25 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-21 13:25 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-21 13:25 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-21 13:25 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-21 13:25 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-21 13:25 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-21 13:25 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-21 13:25 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-21 13:25 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-21 13:25 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-21 13:25 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-21 13:25 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-21 13:25 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-21 13:25 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-21 13:25 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-21 13:25 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-21 13:25 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-21 13:24 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-21 13:24 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-21 13:24 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 13:24 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-21 13:24 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 13:24 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-21 13:24 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-21 13:24 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-21 13:23 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-20 18:08 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-20 18:08 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-08 16:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-08 16:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-06-08 16:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-08 16:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-08 16:41 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-08 16:41 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-08 16:41 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-08 16:41 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-08 16:41 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-08 16:41 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-08 16:41 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-08 16:41 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-08 16:41 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-08 16:41 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

==================== One Month Modified Files and Folders =======

2014-07-07 17:41 - 2014-07-07 16:36 - 00023832 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 17:41 - 2014-07-07 16:36 - 00000000 ____D () C:\FRST
2014-07-07 17:40 - 2014-07-07 17:40 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 17:40 - 2010-06-13 12:26 - 00000000 ____D () C:\Users\Marcel
2014-07-07 17:22 - 2009-07-14 06:34 - 00016896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 17:22 - 2009-07-14 06:34 - 00016896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 17:10 - 2010-06-13 12:19 - 02076675 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 17:08 - 2014-07-07 16:36 - 01074688 _____ (Farbar) C:\Users\Marcel\Downloads\FRST.exe
2014-07-07 17:06 - 2014-06-25 20:33 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-07 17:06 - 2013-08-05 11:01 - 00000000 ___RD () C:\Users\Marcel\Dropbox
2014-07-07 17:06 - 2013-08-05 10:54 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Dropbox
2014-07-07 17:05 - 2014-05-18 15:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DropboxMaster
2014-07-07 17:04 - 2013-02-01 15:43 - 00000000 ___RD () C:\Users\Marcel\SkyDrive
2014-07-07 17:00 - 2013-11-19 22:11 - 00017188 _____ () C:\Windows\setupact.log
2014-07-07 17:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 16:39 - 2014-07-07 16:38 - 00048257 _____ () C:\Users\Marcel\Downloads\Addition.txt
2014-07-07 16:33 - 2013-10-05 18:11 - 00002598 _____ () C:\Users\Marcel\Desktop\Rkill.txt
2014-07-07 16:31 - 2014-07-07 16:30 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill (1).com
2014-07-07 16:06 - 2014-07-07 16:05 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill.com
2014-07-07 16:02 - 2014-07-07 16:02 - 04161050 _____ () C:\Users\Marcel\Downloads\tdsskiller.zip
2014-07-07 15:57 - 2014-07-07 15:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 15:45 - 2012-03-20 23:29 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Malwarebytes
2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () c:\Program Files\Malwarebytes Anti-Malware
2014-07-07 15:44 - 2012-03-20 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 15:44 - 2012-03-20 23:29 - 00000000 ____D () c:\Program Files\Malwarebytes' Anti-Malware
2014-07-07 15:33 - 2012-02-10 22:59 - 00081812 _____ () C:\Windows\system32\TVersityMediaServer.log
2014-07-07 14:43 - 2012-12-26 15:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 13:41 - 2014-07-05 17:52 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-07-07 10:25 - 2013-10-15 19:29 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc
2014-07-06 20:34 - 2011-05-18 21:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\mIRC
2014-07-06 19:58 - 2014-03-10 13:21 - 00000000 ____D () C:\Users\Marcel\Documents\Anwaltsstation
2014-07-06 13:55 - 2010-06-13 12:28 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 10:46 - 2014-07-05 10:45 - 00257464 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-04 11:47 - 2014-07-03 18:57 - 00002156 _____ () C:\Windows\SecuniaPackage.log
2014-07-04 11:47 - 2012-03-29 18:50 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-04 11:47 - 2011-05-31 09:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-04 11:43 - 2012-05-30 07:49 - 00000000 ____D () c:\Program Files\Mozilla Maintenance Service
2014-07-03 19:44 - 2013-09-29 12:58 - 00000000 ____D () c:\Program Files\SRWare Iron
2014-07-03 19:38 - 2014-07-03 19:38 - 00002717 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-07-03 19:33 - 2014-07-03 19:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 19:27 - 2010-12-18 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-07-03 19:24 - 2014-07-03 19:24 - 00000000 ____D () C:\Users\Marcel\AppData\Local\graphicport.net
2014-07-03 19:08 - 2012-02-11 00:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-07-03 19:07 - 2012-01-02 12:04 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 19:07 - 2011-01-31 19:58 - 00001033 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 19:06 - 2010-06-13 12:50 - 00000000 ____D () c:\Program Files\Mozilla Firefox
2014-07-03 19:03 - 2014-07-03 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-03 19:02 - 2014-07-03 19:02 - 00000000 ____D () c:\Program Files\Oracle
2014-07-03 18:59 - 2013-10-15 19:25 - 00000952 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-03 18:59 - 2013-10-15 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 18:57 - 2010-06-14 17:41 - 00000000 ____D () c:\Program Files\MSXML 4.0
2014-07-03 18:40 - 2013-12-07 13:23 - 00190622 _____ () C:\Windows\PFRO.log
2014-07-03 18:38 - 2013-10-05 19:36 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:28 - 2014-07-03 18:28 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-03 18:28 - 2014-07-03 18:28 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Secunia PSI
2014-07-03 18:27 - 2014-07-03 18:27 - 00000000 ____D () c:\Program Files\Secunia
2014-07-03 18:08 - 2013-08-26 21:46 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-02 13:40 - 2014-07-02 13:40 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-02 13:34 - 2013-03-22 12:35 - 00000000 ____D () C:\Users\Marcel\AppData\Local\adawarebp
2014-07-02 12:18 - 2014-07-02 12:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Lavasoft
2014-07-01 16:51 - 2013-01-31 16:45 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-25 20:33 - 2014-06-25 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-25 20:32 - 2014-06-25 20:32 - 00000000 ____D () c:\Program Files\Lavasoft
2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-25 20:15 - 2013-03-22 12:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () c:\Program Files\Microsoft OffCAT
2014-06-25 19:27 - 2010-06-13 15:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-24 23:23 - 2014-06-24 23:22 - 00004551 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-24 23:23 - 2014-01-24 11:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-24 23:23 - 2012-09-01 18:50 - 00000000 ____D () c:\Program Files\Java
2014-06-24 22:21 - 2010-06-13 12:50 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Mozilla
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieUserList
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieSiteList
2014-06-24 13:36 - 2014-02-19 22:38 - 00002202 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-24 10:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-24 09:51 - 2013-01-31 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-24 09:44 - 2013-02-01 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-23 14:59 - 2011-08-02 11:16 - 00000000 ____D () C:\Windows\rescache
2014-06-22 18:57 - 2013-08-26 21:46 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-22 12:15 - 2014-06-22 12:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-21 14:04 - 2013-01-31 16:40 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Microsoft Help
2014-06-21 13:45 - 2014-06-21 13:38 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector smart recovery.lnk
2014-06-21 13:45 - 2014-06-21 13:38 - 00001088 _____ () C:\Users\Public\Desktop\PC Inspector smart recovery.lnk
2014-06-21 13:38 - 2014-06-21 13:38 - 00000000 ____D () c:\Program Files\Convar
2014-06-21 13:38 - 2010-06-13 14:04 - 00000000 ___HD () c:\Program Files\InstallShield Installation Information
2014-06-21 13:31 - 2014-06-21 13:31 - 00002059 _____ () C:\Users\Marcel\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery
2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () c:\Program Files\Smart PC Solutions
2014-06-21 13:17 - 2013-08-15 19:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-21 13:05 - 2010-06-16 10:08 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-20 18:39 - 2014-03-24 22:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-20 18:36 - 2013-02-01 15:29 - 00000000 ____D () c:\Program Files\Microsoft Office 15
2014-06-20 18:10 - 2013-08-05 11:01 - 00001021 _____ () C:\Users\Marcel\Desktop\Dropbox.lnk
2014-06-20 18:10 - 2013-08-05 10:56 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-15 16:33 - 2013-03-30 17:39 - 00000000 ___RD () C:\Users\Marcel\Podcasts
2014-06-15 16:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-06-08 16:22 - 2013-01-31 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-08 10:48 - 2014-06-21 13:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-21 13:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhftdm.dll
C:\Users\standartbenutzer\AppData\Local\Temp\AskSLib.dll
C:\Users\standartbenutzer\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 15:26

==================== End Of Log ============================
--- --- ---

Aldermann 27.07.2014 14:49
Ich weiß, man sollte nicht pushen, aber der TR/Patched.Ren.Gen Problem bekomm ich ohne hilfe nicht behoben :/

Outlook funktioniert nach den Windows Updates wieder

schrauber 28.07.2014 17:57
hi,

wer findet den Trojaner wo?

Aldermann 28.07.2014 19:24
Avira Free Antivirus Echtzeitscanner

Das waren die Meldungen von heute

Code:
In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000adbf'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000abbd'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000ab19'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

schrauber 29.07.2014 10:19
alles Fehlalarme.

Aldermann 29.07.2014 10:55
Alles klar, bessere Neuigkeiten gibts nicht... merkwürdig find ichs schon :D

schrauber 29.07.2014 11:51
Is halt Avira, gewöhn dich dran.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19