Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Download Protect 2.2.4 Firefox (https://www.trojaner-board.de/156483-download-protect-2-2-4-firefox.html)

EBerner 15.07.2014 18:45
Download Protect 2.2.4 Firefox
 
Hallo,

ich bin ganz neu hier im und habe das gleiche Problem wie einige andere Mitstreiter. Habe schon alles Mögliche versucht, um das Problem loszuwerden: bekomme "Download Protect 2.2.4" aus den "Add-Ons" von Firefox nicht mehr entfernt.

Wir sind übrigens eine kleine Firma ohne IT-Abteilung, daher wäre ich für Hilfestellung "trotzdem" sehr dankbar.

VG
E.Berner
:dankeschoen:

M-K-D-B 15.07.2014 18:54
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zitat:
Running from C:\temp\Trojaner Board
Bitt alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

EBerner 16.07.2014 07:09
Guten Morgen,

danke für Deine Hilfe.

Es folgt das erste Logfile von "defogger":
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:09 on 15/07/2014 (Enno)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Hier die FRST-Daten, erstes Log-File:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by Enno (administrator) on SOPC16 on 15-07-2014 19:10:07
Running from C:\temp\Trojaner Board
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
(Nemetschek Allplan Systems GmbH) C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
() C:\Windows\System32\IMJP10Kd.exe
(DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE
(ESTOS GmbH) C:\Windows\System32\eacusrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => "S:\StarMoney Business 6.0\app\oflagent.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [DameWare MRC Agent] => C:\Windows\SysWOW64\DWRCST.exe [85528 2010-04-07] (DameWare Development)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Estos ProCall.lnk
ShortcutTarget: Estos ProCall.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook.lnk
ShortcutTarget: Microsoft Outlook.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}\{2A73FD93-1E24-41C1-B052-25510B4F9A4B}.bin (Download Protect)
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}\{5A4BC89A-1425-4ABE-B417-6A0A390EE7D7}.bin (Download Protect)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://antivirus.frankfurt.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {73481434-2EE1-4377-B3E8-5C13A1D2AF4A} hxxp://59.124.49.18/wap/Lilin.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://antivirus.frankfurt.local:4343/SMB/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://59.124.49.18/wap/axvlc.cab
DPF: HKLM-x32 {BA7A56EB-D1B9-443B-96E9-086532A378F1} hxxp://192.168.20.90/activex/decoder/aac_dec.cab
DPF: HKLM-x32 {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp://192.168.20.90/activex/decoder/intel_mpeg4_dec.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.20.90/activex/AMC.cab
DPF: HKLM-x32 {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://landshutpark.no-ip.biz:8081/view.cab
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} -  No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
Handler-x32: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 192.168.20.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}] - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi [2014-07-15]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AllplanUpdateLauncher 2014; C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe [16680 2014-03-15] (Nemetschek Allplan Systems GmbH)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DevjcePairingWizard; C:\Windows\system32\IMJP10Kd.exe [118784 2013-12-31] () [File not signed]
R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [246120 2010-07-02] (DameWare Development LLC) [File not signed]
R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [6876008 2014-01-21] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [64808 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [158504 2014-05-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [655144 2014-05-21] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [66096 2011-06-29] (Citrix Systems, Inc.)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [102688 2012-03-06] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2012-03-06] (Sophos Limited)
R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-15] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 19:10 - 2014-07-15 19:10 - 00000000 ____D () C:\FRST
2014-07-15 19:09 - 2014-07-15 19:09 - 00000000 _____ () C:\Users\Enno lokal\defogger_reenable
2014-07-15 19:07 - 2014-07-15 19:09 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2013-02-19 14:27 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ESTOS
2014-07-15 19:07 - 2012-06-08 16:19 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Macromedia
2014-07-15 19:07 - 2012-04-12 17:40 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Microsoft Help
2014-07-15 19:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 19:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-15 19:06 - 00000336 _____ () C:\Windows\setupact.log
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 12:50 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:50 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 07:41 - 2014-07-08 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 07:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-16 07:24 - 2014-07-15 07:26 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-15 19:10 - 2014-07-15 19:10 - 00000000 ____D () C:\FRST
2014-07-15 19:09 - 2014-07-15 19:09 - 00000000 _____ () C:\Users\Enno lokal\defogger_reenable
2014-07-15 19:09 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:09 - 2012-02-03 17:20 - 01829821 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 19:08 - 2012-02-03 19:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2012-04-27 19:21 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 19:06 - 2014-07-11 16:56 - 00000336 _____ () C:\Windows\setupact.log
2014-07-15 19:06 - 2012-03-07 08:42 - 00000142 _____ () C:\Windows\ODBC.INI
2014-07-15 19:06 - 2012-02-03 18:03 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-15 19:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 19:00 - 2012-02-04 02:15 - 00724958 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 19:00 - 2012-02-04 02:15 - 00157574 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 19:00 - 2009-07-14 07:13 - 01688188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 19:00 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 19:00 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:57 - 2014-05-22 16:48 - 00000596 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2014.job
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:54 - 2012-04-27 19:22 - 00154792 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 18:54 - 2012-04-27 19:21 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 18:54 - 2012-04-27 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-15 18:52 - 2012-03-12 11:28 - 00000250 ___SH () C:\Users\HFrankenberger\ntuser.ini
2014-07-15 18:51 - 2012-02-09 15:50 - 00000000 ____D () C:\temp
2014-07-15 18:48 - 2012-02-03 19:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 18:29 - 2012-07-26 10:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}
2014-07-15 09:40 - 2012-02-03 18:04 - 00020395 __RSH () C:\ProgramData\ntuser.pol
2014-07-15 09:30 - 2014-05-22 16:48 - 00000440 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2014.job
2014-07-15 07:26 - 2014-06-16 07:24 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-14 09:37 - 2013-06-19 12:59 - 00002209 _____ () C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windach.lnk
2014-07-14 09:37 - 2012-03-12 11:28 - 00000000 ____D () C:\Users\HFrankenberger
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 10:13 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:52 - 2012-02-08 15:21 - 00000000 ____D () C:\Windows\Minidump
2014-07-11 16:52 - 2012-02-04 02:17 - 00000000 ____D () C:\Windows\Panther
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 17:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Google
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 16:53 - 2014-05-06 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 16:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:53 - 2009-07-14 06:45 - 05275504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 16:43 - 2012-02-03 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:42 - 2013-08-15 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:41 - 2012-02-03 17:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:29 - 2012-07-26 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:29 - 2012-03-30 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:29 - 2012-02-03 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:20 - 2013-01-28 09:16 - 00001227 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-08 18:20 - 2012-12-06 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-08 07:54 - 2012-02-06 14:38 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-08 07:41 - 2014-07-08 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2012-07-30 15:34 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-07-07 10:09 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 07:13 - 2013-05-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 11:08 - 2012-02-07 12:55 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Mozilla
2014-06-30 04:09 - 2014-07-09 12:50 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 11:01 - 2012-02-09 13:52 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-23 17:43 - 2012-02-03 19:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 17:43 - 2012-02-03 19:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 17:24 - 2012-11-26 14:16 - 00011726 _____ () C:\Windows\SysWOW64\switchboard.xml
2014-06-23 17:24 - 2012-11-26 14:16 - 00000000 ____D () C:\ESTOS
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-23 16:46 - 2013-08-14 16:28 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\Dropbox
2014-06-20 22:14 - 2014-07-09 12:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 12:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 15:14 - 2013-07-24 13:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-19 15:14 - 2012-02-03 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 10:43 - 2012-06-08 16:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-19 03:39 - 2014-07-09 12:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 12:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 12:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 12:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 12:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 12:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 12:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 12:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 12:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 12:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 12:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 12:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 12:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 12:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 12:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 12:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 12:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 12:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 12:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 12:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 12:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 12:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 12:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 12:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 12:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 12:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 12:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 12:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 12:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 12:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 12:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 12:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 12:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 12:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 12:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 12:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 12:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 12:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 12:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 12:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 12:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 12:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 12:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxjyrj.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:21

==================== End Of Log ============================
--- --- ---


Weiterhin "Addition.txt":
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by Enno at 2014-07-15 19:10:31
Running from C:\temp\Trojaner Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sophos Client Firewall (Disabled) {539079D2-74D9-BC45-BA38-256B34D54D52}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Any PDF to DWG Converter 2010 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD LT 2011 - Deutsch (HKLM\...\AutoCAD LT 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD LT 2011 - Deutsch (Version: 18.1.208.0 - Autodesk) Hidden
AutoCAD LT 2011 - Deutsch Version 3 (HKLM\...\AutoCAD LT 2011 - Deutsch Version 3) (Version: 1 - Autodesk)
AutoCAD LT 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD LT 2012 - Deutsch SP2 (HKLM\...\AutoCAD LT 2012 - Deutsch SP2) (Version: 1 - Autodesk)
AutoCAD LT 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
ava-sign 4.6.0.2056                                        - (HKLM\...\ava-sign 4.6.0.2056_is1) (Version: 4.6.0.2056 - RIB Software AG)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Common (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Contents (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Corel VideoStudio Pro X4 (HKLM-x32\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.3.0.5 - Corel Corporation)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DeviceIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
DTAUS 2011 Profi (HKLM-x32\...\DTAUS 2011 Profi) (Version:  - Yokey Software)
DTAUS 2011 Profi (x32 Version: 1.0.0 - Yokey Software) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESS Energie Indikator (HKLM-x32\...\{AA56C866-27E0-4178-876C-6A18FA7715D8}) (Version: 20.14.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.30 - ifos GmbH)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
GAEB-Konverter Version 8 (HKLM-x32\...\{4B4F626E-6EAF-4D9E-9C42-FB2529360F16}) (Version: 8.0.183 - T&&T Datentechnik GmbH)
General Runtime Files for Allplan 2014-1-1 (x32 Version: 1.8.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Allplan 2014-1-1 x64 (Version: 1.5.0.0 - Nemetschek Allplan Systems GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.264 AVC Player 0.9.63 (HKLM-x32\...\H.264 AVC Player) (Version: 0.9.63 - VideoLAN Team)
HiPath 3000 Manager E  68.50.703.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Printer Utility (HKLM-x32\...\{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}) (Version: 1.4.0.14 - Ihr Firmenname)
HP Proactive Services (HKLM-x32\...\{7527CD9F-894E-47B3-9AFB-3E680E007051}) (Version: 1.6.0.37 - Ihr Firmenname)
ICA (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Img2CAD 7.1 (HKLM-x32\...\Img2CAD_is1) (Version:  - Img2CAD, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nemetschek Allplan 2014 (HKLM-x32\...\{669D6EB8-28DD-4F5C-A7C3-5DCB53F59691}) (Version: 2014.0 - Nemetschek Allplan Systems GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - Nemetschek Allplan Systems GmbH)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Offerte_L (HKLM-x32\...\{00514709-D0BF-4C47-9858-2AA4042F6E91}) (Version: 3.1.000 - RIB Software AG)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Passware Kit Enterprise 7.9 (HKLM-x32\...\Passware Kit Enterprise) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoSync (HKLM\...\{3F96040E-35BB-4EE2-89F6-8948F3B4514A}) (Version: 2.2.1 - touchbyte GmbH)
PureHD (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{1C3147A7-4810-45FC-AD89-064D8023A514}) (Version: 1.24.0 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share64 (Version: 14.0.0.342 - Corel Corporation) Hidden
SketchUp 8 (HKLM-x32\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Client Firewall (HKLM-x32\...\{A805FB2A-A844-4cba-8088-CA64087D59E1}) (Version: 2.9.4 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney Business 6.0  (HKLM-x32\...\{EE6AD847-8CA7-4FE6-AD05-B275E3761152}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSClassic (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSPro (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.21 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.21 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

20-06-2014 07:33:45 Windows Update
24-06-2014 07:25:26 Windows Update
01-07-2014 07:09:26 Windows Update
04-07-2014 08:16:39 Windows Update
08-07-2014 16:21:49 Created by Wise Registry Cleaner
09-07-2014 10:49:19 Windows Update
09-07-2014 14:40:43 Windows Update
13-07-2014 08:06:00 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B824B35-8A2E-44C8-8D11-C27059FC4EA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {73180A98-627A-4015-8FF8-382E15FC32A1} - System32\Tasks\WebContent AutoUpdate 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {88481D14-A5E1-4837-834E-BF5D06D7F079} - System32\Tasks\AutoUpdate Allplan 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {8FB75C6E-2DE0-4928-A72F-A8D2F44527F2} - System32\Tasks\{D3E4BAAE-B173-4F86-BA73-C0E2C6BE5B05} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.261&amp;LastError=12002
Task: {A023BF91-F5D8-4236-88BD-DF75D67DDCA2} - System32\Tasks\AdobeAAMUpdater-1.0-FRANKFURT-eberner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C7E4CA4D-6B72-4EA0-9BE0-CE1A32E0F159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E18B5E2B-2101-4831-859C-C03C32C0CCE8} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {EDC6F085-64F3-424E-B1C3-4894C30BBADD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F4E9A053-A7FB-4894-9C85-F18B8808ECF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: {FCDA0835-EA78-4497-8AAE-09D7B465CAE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoUpdate Allplan 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe

==================== Loaded Modules (whitelisted) =============

2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2013-12-31 12:24 - 2013-12-31 12:24 - 00118784 _____ () C:\Windows\system32\IMJP10Kd.exe
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-01-24 09:34 - 2013-01-24 09:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-03 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 13:39 - 2012-09-17 13:39 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: ABBYY.Licensing.FineReader.Corporate.10.0 => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR10 => "D:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\SysWOW64\DWRCST.exe
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PUStarter => C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunPUTasktray => "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 06:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 09:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 10:03:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 05:07:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 04:58:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 07:32:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2014 07:03:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/15/2014 07:03:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 06:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 09:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 10:03:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 05:07:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 04:58:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 07:32:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-03-05 09:26:58.442
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-05 09:26:58.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8148.93 MB
Available physical RAM: 6069.8 MB
Total Pagefile: 16296.05 MB
Available Pagefile: 14154.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:15.65 GB) NTFS
Drive d: (D_SOPC16) (Fixed) (Total:438.58 GB) (Free:282.82 GB) NTFS
Drive e: (E_SOPC16_1TB) (Fixed) (Total:931.51 GB) (Free:354.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 776FB738)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1DA41F31)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7A61FFC2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
..und die Daten aus "GMER":
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-15 19:19:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\ENNOLO~1\AppData\Local\Temp\pwldypog.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                    fffff96000104000 7 bytes [00, 93, F3, FF, 01, A0, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                fffff96000104008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Windows\SysWOW64\DWRCS.EXE[2732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                              00000000716e1a22 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCS.EXE[2732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                              00000000716e1ad0 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCS.EXE[2732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                              00000000716e1b08 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCS.EXE[2732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                              00000000716e1bba 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCS.EXE[2732] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                              00000000716e1bda 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCST.exe[5780] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                              00000000716e1a22 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCST.exe[5780] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                              00000000716e1ad0 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCST.exe[5780] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                              00000000716e1b08 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCST.exe[5780] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                              00000000716e1bba 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\DWRCST.exe[5780] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                              00000000716e1bda 2 bytes [6E, 71]
.text  C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076b51465 2 bytes [B5, 76]
.text  C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076b514bb 2 bytes [B5, 76]
.text  ...                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [4120:4392]                                                                                                        000007fef3c39688

---- EOF - GMER 2.1 ----
Hoffe, das hilft weiter?
VG
E. Berner

M-K-D-B 16.07.2014 07:33
Servus,



ja, hilft mir weiter. :)




Hast du meinen Hinweis im letzten Post gelesen? Alle Tools bitte direkt vom Desktop ausführen, nicht von einem anderen Ort!!!
Zitat:
Running from C:\temp\Trojaner Board
Bitte alle Tools von "C:\temp\Trojaner Board" auf den Desktop verschieben und von dort starten und auch auf dem Desktop belassen, da unsere Anleitungen dafür ausgelegt sind. Zum anderen lassen sich ganz am Ende der Bereinigung alle Tools automatisch entfernen.




So geht es jetzt los:


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
() C:\Windows\System32\IMJP10Kd.exe
R2 DevjcePairingWizard; C:\Windows\system32\IMJP10Kd.exe [118784 2013-12-31] () [File not signed]
C:\Windows\system32\IMJP10Kd.exe
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}\{2A73FD93-1E24-41C1-B052-25510B4F9A4B}.bin (Download Protect)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}\{5A4BC89A-1425-4ABE-B417-6A0A390EE7D7}.bin (Download Protect)
C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}
FF HKLM-x32\...\Firefox\Extensions: [{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}] - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi [2014-07-15]
C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 4
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • eine Rückmeldung bezüglich des Uploads,
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

EBerner 16.07.2014 13:56
Hallo,
danke soweit.

Habe nun alle Schritte abgearbeitet und die Datei C:\FRST\Quarantine hochgeladen.

Wenn ich in die msconfig gehe, sehe ich aber immer noch unter "Systemstart" die Zeile: Download Protect -warum ?

FRST-Fix:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014
Ran by EBerner at 2014-07-16 09:00:23 Run:1
Running from \\FILESERVER\CTX_Userdirs$\eberner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
() C:\Windows\System32\IMJP10Kd.exe
R2 DevjcePairingWizard; C:\Windows\system32\IMJP10Kd.exe [118784 2013-12-31] () [File not signed]
C:\Windows\system32\IMJP10Kd.exe
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}\{2A73FD93-1E24-41C1-B052-25510B4F9A4B}.bin (Download Protect)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}\{5A4BC89A-1425-4ABE-B417-6A0A390EE7D7}.bin (Download Protect)
C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD}
FF HKLM-x32\...\Firefox\Extensions: [{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}] - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi [2014-07-15]
C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end
*****************

[2604] C:\Windows\System32\IMJP10Kd.exe => Process closed successfully.
DevjcePairingWizard => Service deleted successfully.
C:\Windows\system32\IMJP10Kd.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}' => Key deleted successfully.
'HKCR\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}' => Key deleted successfully.
C:\Program Files (x86)\{07ED2973-4419-4DE8-B2B8-D6F68E0417CD} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF} => Value not found.
C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}\{6FFC60CF-017D-4EC8-A166-F61106BDBBEF}.xpi not found.
"C:\Windows\Installer\{9BECBB49-D9B7-4EF7-BB93-3D5646EEFD5F}" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
Adware Cleaner:
Code:
# AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 14:25:01
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : EBerner - SOPC16
# Gestartet von : \\FILESERVER\CTX_Userdirs$\eberner\Downloads\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [8091 octets] - [08/07/2014 07:25:42]
AdwCleaner[R1].txt - [8210 octets] - [08/07/2014 07:29:04]
AdwCleaner[R2].txt - [971 octets] - [08/07/2014 19:10:29]
AdwCleaner[R3].txt - [1091 octets] - [08/07/2014 19:26:44]
AdwCleaner[R4].txt - [869 octets] - [16/07/2014 14:25:01]
AdwCleaner[S0].txt - [341 octets] - [08/07/2014 07:26:33]
AdwCleaner[S1].txt - [6820 octets] - [08/07/2014 07:29:28]
AdwCleaner[S2].txt - [1031 octets] - [08/07/2014 19:13:17]

########## EOF - U:\AdwCleaner\AdwCleaner[R4].txt - [1107 octets] ##########
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.07.2014
Suchlauf-Zeit: 14:29:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.16.03
Rootkit Datenbank: v2014.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: EBerner

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 712830
Verstrichene Zeit: 9 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST-Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by EBerner (administrator) on SOPC16 on 16-07-2014 14:44:38
Running from \\FILESERVER\CTX_Userdirs$\eberner\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
(Nemetschek Allplan Systems GmbH) C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE
(ESTOS GmbH) C:\Windows\System32\eacusrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dropbox, Inc.) \\FILESERVER\CTX_USERDIRS$\EBERNER\ANWENDUNGSDATEN\DROPBOX\BIN\DROPBOX.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe
(Farbar) \\FILESERVER\CTX_USERDIRS$\EBERNER\DESKTOP\FRST64.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => S:\StarMoney Business 6.0\app\oflagent.exe [48272 2014-05-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [DameWare MRC Agent] => C:\Windows\SysWOW64\DWRCST.exe [85528 2010-04-07] (DameWare Development)
HKU\S-1-5-21-3504372907-3965529896-187033130-1142\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3504372907-3965529896-187033130-1142\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-3504372907-3965529896-187033130-1142\...\MountPoints2: {62745f1d-5094-11e1-83cc-180373c92681} - F:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Estos ProCall.lnk
ShortcutTarget: Estos ProCall.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook.lnk
ShortcutTarget: Microsoft Outlook.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 192.168.20.254:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?hl=de&gl=de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {55AED7AF-A01B-4C2A-8200-D16804DF9367} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://antivirus.frankfurt.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {73481434-2EE1-4377-B3E8-5C13A1D2AF4A} hxxp://59.124.49.18/wap/Lilin.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://antivirus.frankfurt.local:4343/SMB/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://59.124.49.18/wap/axvlc.cab
DPF: HKLM-x32 {BA7A56EB-D1B9-443B-96E9-086532A378F1} hxxp://192.168.20.90/activex/decoder/aac_dec.cab
DPF: HKLM-x32 {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp://192.168.20.90/activex/decoder/intel_mpeg4_dec.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.20.90/activex/AMC.cab
DPF: HKLM-x32 {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://landshutpark.no-ip.biz:8081/view.cab
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} -  No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
Handler-x32: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 192.168.20.2

FireFox:
========
FF ProfilePath: \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default\Extensions\nostmp [2011-06-20]
FF Extension: O2CPlayer Plugin - \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default\Extensions\o2cplayer@eleco.com [2014-07-11]
FF Extension: No Name - \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default\Extensions\staged [2013-12-31]
FF Extension: DownloadHelper - \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-01]
FF Extension: FlashGot - \\FILESERVER\CTX_Userdirs$\EBerner\Anwendungsdaten\Mozilla\Firefox\Profiles\f9iwdpln.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB08C48-22DA-4362-8550-61BB5839581F}] - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi [2014-07-15]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (YouTube) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (Google-Suche) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (Download Protect) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\laadcpfkdfodbalmomeomlchbopoipbg [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Google Mail) - C:\Users\EBerner.FRANKFURT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AllplanUpdateLauncher 2014; C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe [16680 2014-03-15] (Nemetschek Allplan Systems GmbH)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [246120 2010-07-02] (DameWare Development LLC) [File not signed]
R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [6876008 2014-01-21] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [64808 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [158504 2014-05-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [655144 2014-05-21] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [66096 2011-06-29] (Citrix Systems, Inc.)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [102688 2012-03-06] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2012-03-06] (Sophos Limited)
R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-15] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 14:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 09:01 - 2014-07-16 14:43 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 19:10 - 2014-07-16 14:44 - 00000000 ____D () C:\FRST
2014-07-15 19:09 - 2014-07-15 19:09 - 00000000 _____ () C:\Users\Enno lokal\defogger_reenable
2014-07-15 19:07 - 2014-07-15 19:09 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2013-02-19 14:27 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ESTOS
2014-07-15 19:07 - 2012-04-12 17:40 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Microsoft Help
2014-07-15 19:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 19:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-16 14:43 - 00000504 _____ () C:\Windows\setupact.log
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 12:50 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:50 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 07:41 - 2014-07-16 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 07:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-16 07:24 - 2014-07-16 07:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-16 14:44 - 2014-07-15 19:10 - 00000000 ____D () C:\FRST
2014-07-16 14:44 - 2012-02-03 19:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 14:43 - 2014-07-16 09:01 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 14:43 - 2014-07-11 16:56 - 00000504 _____ () C:\Windows\setupact.log
2014-07-16 14:43 - 2012-03-07 08:42 - 00000142 _____ () C:\Windows\ODBC.INI
2014-07-16 14:43 - 2012-02-03 18:03 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-16 14:43 - 2012-02-03 17:20 - 01872934 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 14:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 14:29 - 2012-07-26 10:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 14:26 - 2014-07-08 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 13:57 - 2014-05-22 16:48 - 00000596 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2014.job
2014-07-16 13:48 - 2012-02-03 19:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 09:08 - 2012-02-04 02:15 - 00724958 _____ () C:\Windows\system32\perfh007.dat
2014-07-16 09:08 - 2012-02-04 02:15 - 00157574 _____ () C:\Windows\system32\perfc007.dat
2014-07-16 09:08 - 2009-07-14 07:13 - 01688188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 09:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 09:08 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 09:01 - 2014-05-22 16:48 - 00000440 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2014.job
2014-07-16 09:01 - 2012-02-03 18:04 - 00019675 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 09:00 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-16 08:12 - 2014-03-26 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 08:11 - 2014-03-26 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 07:51 - 2014-06-16 07:24 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 20:02 - 2012-02-08 15:21 - 00000000 ____D () C:\Windows\Minidump
2014-07-15 19:09 - 2014-07-15 19:09 - 00000000 _____ () C:\Users\Enno lokal\defogger_reenable
2014-07-15 19:09 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2012-04-27 19:21 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:54 - 2012-04-27 19:22 - 00154792 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 18:54 - 2012-04-27 19:21 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 18:54 - 2012-04-27 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-15 18:52 - 2012-03-12 11:28 - 00000250 ___SH () C:\Users\HFrankenberger\ntuser.ini
2014-07-15 18:51 - 2012-02-09 15:50 - 00000000 ____D () C:\temp
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-14 09:37 - 2013-06-19 12:59 - 00002209 _____ () C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windach.lnk
2014-07-14 09:37 - 2012-03-12 11:28 - 00000000 ____D () C:\Users\HFrankenberger
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 10:13 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:52 - 2012-02-04 02:17 - 00000000 ____D () C:\Windows\Panther
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-11 03:02 - 2014-03-26 18:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-26 18:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 17:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Google
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 16:53 - 2014-05-06 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 16:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:53 - 2009-07-14 06:45 - 05275504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 16:43 - 2012-02-03 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:42 - 2013-08-15 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:41 - 2012-02-03 17:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:29 - 2012-07-26 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:29 - 2012-03-30 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:29 - 2012-02-03 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:20 - 2012-12-06 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-08 07:54 - 2012-02-06 14:38 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-07-07 10:09 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 07:13 - 2013-05-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 11:08 - 2012-02-07 12:55 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Mozilla
2014-06-30 04:09 - 2014-07-09 12:50 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 11:01 - 2012-02-09 13:52 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-23 17:43 - 2012-02-03 19:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 17:43 - 2012-02-03 19:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 17:24 - 2012-11-26 14:16 - 00011726 _____ () C:\Windows\SysWOW64\switchboard.xml
2014-06-23 17:24 - 2012-11-26 14:16 - 00000000 ____D () C:\ESTOS
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-23 16:46 - 2013-08-14 16:28 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\Dropbox
2014-06-20 22:14 - 2014-07-09 12:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 12:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 15:14 - 2013-07-24 13:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-19 15:14 - 2012-02-03 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 10:43 - 2012-06-08 16:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-19 03:39 - 2014-07-09 12:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 12:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 12:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 12:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 12:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 12:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 12:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 12:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 12:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 12:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 12:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 12:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 12:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 12:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 12:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 12:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 12:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 12:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 12:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 12:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 12:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 12:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 12:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 12:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 12:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 12:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 12:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 12:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 12:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 12:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 12:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 12:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 12:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 12:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 12:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 12:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 12:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 12:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 12:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 12:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 12:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 12:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 12:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezfkza.dll
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:21

==================== End Of Log ============================
--- --- ---


FRST-Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by EBerner at 2014-07-16 14:45:00
Running from \\FILESERVER\CTX_Userdirs$\eberner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sophos Client Firewall (Disabled) {539079D2-74D9-BC45-BA38-256B34D54D52}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Any PDF to DWG Converter 2010 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD LT 2011 - Deutsch (HKLM\...\AutoCAD LT 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD LT 2011 - Deutsch (Version: 18.1.208.0 - Autodesk) Hidden
AutoCAD LT 2011 - Deutsch Version 3 (HKLM\...\AutoCAD LT 2011 - Deutsch Version 3) (Version: 1 - Autodesk)
AutoCAD LT 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD LT 2012 - Deutsch SP2 (HKLM\...\AutoCAD LT 2012 - Deutsch SP2) (Version: 1 - Autodesk)
AutoCAD LT 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
ava-sign 4.6.0.2056                                        - (HKLM\...\ava-sign 4.6.0.2056_is1) (Version: 4.6.0.2056 - RIB Software AG)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Common (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Contents (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Corel VideoStudio Pro X4 (HKLM-x32\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.3.0.5 - Corel Corporation)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DeviceIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DTAUS 2011 Profi (HKLM-x32\...\DTAUS 2011 Profi) (Version:  - Yokey Software)
DTAUS 2011 Profi (x32 Version: 1.0.0 - Yokey Software) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESS Energie Indikator (HKLM-x32\...\{AA56C866-27E0-4178-876C-6A18FA7715D8}) (Version: 20.14.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.30 - ifos GmbH)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
GAEB-Konverter Version 8 (HKLM-x32\...\{4B4F626E-6EAF-4D9E-9C42-FB2529360F16}) (Version: 8.0.183 - T&&T Datentechnik GmbH)
General Runtime Files for Allplan 2014-1-1 (x32 Version: 1.8.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Allplan 2014-1-1 x64 (Version: 1.5.0.0 - Nemetschek Allplan Systems GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.264 AVC Player 0.9.63 (HKLM-x32\...\H.264 AVC Player) (Version: 0.9.63 - VideoLAN Team)
HiPath 3000 Manager E  68.50.703.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Printer Utility (HKLM-x32\...\{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}) (Version: 1.4.0.14 - Ihr Firmenname)
HP Proactive Services (HKLM-x32\...\{7527CD9F-894E-47B3-9AFB-3E680E007051}) (Version: 1.6.0.37 - Ihr Firmenname)
ICA (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Img2CAD 7.1 (HKLM-x32\...\Img2CAD_is1) (Version:  - Img2CAD, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nemetschek Allplan 2014 (HKLM-x32\...\{669D6EB8-28DD-4F5C-A7C3-5DCB53F59691}) (Version: 2014.0 - Nemetschek Allplan Systems GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - Nemetschek Allplan Systems GmbH)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Offerte_L (HKLM-x32\...\{00514709-D0BF-4C47-9858-2AA4042F6E91}) (Version: 3.1.000 - RIB Software AG)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Passware Kit Enterprise 7.9 (HKLM-x32\...\Passware Kit Enterprise) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoSync (HKLM\...\{3F96040E-35BB-4EE2-89F6-8948F3B4514A}) (Version: 2.2.1 - touchbyte GmbH)
PureHD (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{1C3147A7-4810-45FC-AD89-064D8023A514}) (Version: 1.24.0 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share64 (Version: 14.0.0.342 - Corel Corporation) Hidden
SketchUp 8 (HKLM-x32\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Client Firewall (HKLM-x32\...\{A805FB2A-A844-4cba-8088-CA64087D59E1}) (Version: 2.9.4 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney Business 6.0  (HKLM-x32\...\{EE6AD847-8CA7-4FE6-AD05-B275E3761152}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSClassic (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSPro (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.21 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.21 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

15-07-2014 19:03:45 Geplanter Prüfpunkt
16-07-2014 06:11:29 Installed Java 7 Update 65

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B824B35-8A2E-44C8-8D11-C27059FC4EA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {73180A98-627A-4015-8FF8-382E15FC32A1} - System32\Tasks\WebContent AutoUpdate 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {88481D14-A5E1-4837-834E-BF5D06D7F079} - System32\Tasks\AutoUpdate Allplan 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {8FB75C6E-2DE0-4928-A72F-A8D2F44527F2} - System32\Tasks\{D3E4BAAE-B173-4F86-BA73-C0E2C6BE5B05} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.261&amp;LastError=12002
Task: {A023BF91-F5D8-4236-88BD-DF75D67DDCA2} - System32\Tasks\AdobeAAMUpdater-1.0-FRANKFURT-eberner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C7E4CA4D-6B72-4EA0-9BE0-CE1A32E0F159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E18B5E2B-2101-4831-859C-C03C32C0CCE8} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {EDC6F085-64F3-424E-B1C3-4894C30BBADD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F4E9A053-A7FB-4894-9C85-F18B8808ECF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: {FCDA0835-EA78-4497-8AAE-09D7B465CAE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoUpdate Allplan 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe

==================== Loaded Modules (whitelisted) =============

2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-24 09:34 - 2013-01-24 09:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-03 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 13:39 - 2012-09-17 13:39 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-07-16 14:44 - 2014-07-16 14:44 - 00043008 _____ () c:\users\eberne~1.fra\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezfkza.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\libcef.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-11-05 13:41 - 2012-11-05 13:41 - 01099790 _____ () C:\Program Files (x86)\Citrix\ICA Client\avcodec-52.dll
2012-11-05 13:41 - 2012-11-05 13:41 - 00079886 _____ () C:\Program Files (x86)\Citrix\ICA Client\avutil-50.dll
2012-11-05 13:41 - 2012-11-05 13:41 - 00117774 _____ () C:\Program Files (x86)\Citrix\ICA Client\avformat-52.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: ABBYY.Licensing.FineReader.Corporate.10.0 => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR10 => "D:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\SysWOW64\DWRCST.exe
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PUStarter => C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunPUTasktray => "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7113.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bc4

Startzeit: 01cfa0bceb343c0b

Endzeit: 16

Anwendungspfad: D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Berichts-ID: 824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 564

Startzeit: 01cfa051d632302a

Endzeit: 27715

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 79c

Startzeit: 01cfa05187b22e17

Endzeit: 0

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004a713
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 06:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/16/2014 02:10:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:42:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7113.50001bc401cfa0bceb343c0b16D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638556401cfa051d632302a27715C:\Windows\SysWOW64\rundll32.exe35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638579c01cfa05187b22e170C:\Windows\SysWOW64\rundll32.exe0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050004a713e9401cfa04fca05987cC:\temp\Trojaner Board\Gmer-19357.exeC:\temp\Trojaner Board\Gmer-19357.exe6802dc46-0c43-11e4-a6b0-180373c92681

Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 06:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-03-05 09:26:58.442
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-05 09:26:58.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8148.93 MB
Available physical RAM: 6021.05 MB
Total Pagefile: 16296.05 MB
Available Pagefile: 14037.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:19.58 GB) NTFS
Drive d: (D_SOPC16) (Fixed) (Total:438.58 GB) (Free:279.34 GB) NTFS
Drive e: (E_SOPC16_1TB) (Fixed) (Total:931.51 GB) (Free:354.31 GB) NTFS
Drive k: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive n: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive o: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive p: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive q: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive s: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS
Drive u: (DATA) (Network) (Total:1228.8 GB) (Free:68.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 776FB738)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7A61FFC2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1DA41F31)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Viel Erfolg!
VG
Enno

M-K-D-B 16.07.2014 17:19
Leider führst du FRST nicht wie beschrieben vom Desktop des Benutzerkontos aus, daher dauert alles nur länger.


Daher sage ich es jetzt nochmal ganz ausführlich:


Du kopierst bitte FRST direkt auf den Desktop des Benutzerkontos, d. h. du führst das Tool nicht von hier
Zitat:
Running from \\FILESERVER\CTX_Userdirs$\eberner\Desktop
oder
Zitat:
Running from C:\temp\Trojaner Board
aus, sondern von

C:\users\<dein benutzername>\Desktop



Bei mir lautet der Pfad z. B. so:
C:\Users\M-K-D-B\Desktop\FRST.exe




  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.



Dann sehen wir weiter....

EBerner 17.07.2014 08:34
Guten Morgen Matthias,

sorry für den Fehler, aber tatsächlich habe die FRST.exe von dem Desktop meiner Domänen-Anmeldung ausgeführt.

Jetzt habe ich mir einen lokalen Admin angelegt "Enno" und habe die FRST.exe unter lokaler Anmeldung am Client ausgeführt:

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by Enno (administrator) on SOPC16 on 17-07-2014 09:26:44
Running from C:\Users\Enno lokal\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
(Nemetschek Allplan Systems GmbH) C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE
(ESTOS GmbH) C:\Windows\System32\eacusrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => "S:\StarMoney Business 6.0\app\oflagent.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [DameWare MRC Agent] => C:\Windows\SysWOW64\DWRCST.exe [85528 2010-04-07] (DameWare Development)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Estos ProCall.lnk
ShortcutTarget: Estos ProCall.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook.lnk
ShortcutTarget: Microsoft Outlook.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://antivirus.frankfurt.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {73481434-2EE1-4377-B3E8-5C13A1D2AF4A} hxxp://59.124.49.18/wap/Lilin.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://antivirus.frankfurt.local:4343/SMB/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://59.124.49.18/wap/axvlc.cab
DPF: HKLM-x32 {BA7A56EB-D1B9-443B-96E9-086532A378F1} hxxp://192.168.20.90/activex/decoder/aac_dec.cab
DPF: HKLM-x32 {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp://192.168.20.90/activex/decoder/intel_mpeg4_dec.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.20.90/activex/AMC.cab
DPF: HKLM-x32 {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://landshutpark.no-ip.biz:8081/view.cab
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} -  No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
Handler-x32: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 192.168.20.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB08C48-22DA-4362-8550-61BB5839581F}] - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi [2014-07-15]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AllplanUpdateLauncher 2014; C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe [16680 2014-03-15] (Nemetschek Allplan Systems GmbH)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [246120 2010-07-02] (DameWare Development LLC) [File not signed]
R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [6876008 2014-01-21] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [64808 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [158504 2014-05-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [655144 2014-05-21] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [66096 2011-06-29] (Citrix Systems, Inc.)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [102688 2012-03-06] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2012-03-06] (Sophos Limited)
R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-15] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 09:26 - 2014-07-17 09:27 - 00027725 _____ () C:\Users\Enno lokal\Desktop\FRST.txt
2014-07-16 14:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 09:01 - 2014-07-16 14:43 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 19:10 - 2014-07-17 09:26 - 00000000 ____D () C:\FRST
2014-07-15 19:07 - 2014-07-16 15:05 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2013-02-19 14:27 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ESTOS
2014-07-15 19:07 - 2012-06-08 16:19 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Macromedia
2014-07-15 19:07 - 2012-04-12 17:40 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Microsoft Help
2014-07-15 19:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 19:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:51 - 2014-07-15 18:44 - 00380416 _____ () C:\Users\Enno lokal\Desktop\Gmer-19357.exe
2014-07-15 18:51 - 2014-07-15 18:43 - 02086912 _____ (Farbar) C:\Users\Enno lokal\Desktop\FRST64.exe
2014-07-15 18:51 - 2014-07-15 18:43 - 00050477 _____ () C:\Users\Enno lokal\Desktop\Defogger.exe
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-17 09:10 - 00000560 _____ () C:\Windows\setupact.log
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 12:50 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:50 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 07:41 - 2014-07-16 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 07:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-07-17 09:27 - 2014-07-17 09:26 - 00027725 _____ () C:\Users\Enno lokal\Desktop\FRST.txt
2014-07-17 09:26 - 2014-07-15 19:10 - 00000000 ____D () C:\FRST
2014-07-17 09:25 - 2012-02-03 19:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 09:20 - 2014-06-16 07:24 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe
2014-07-17 09:17 - 2012-02-04 02:15 - 00724958 _____ () C:\Windows\system32\perfh007.dat
2014-07-17 09:17 - 2012-02-04 02:15 - 00157574 _____ () C:\Windows\system32\perfc007.dat
2014-07-17 09:17 - 2009-07-14 07:13 - 01688188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 09:17 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 09:17 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 09:13 - 2012-02-03 17:20 - 01894367 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 09:10 - 2014-07-11 16:56 - 00000560 _____ () C:\Windows\setupact.log
2014-07-17 09:10 - 2012-03-07 08:42 - 00000142 _____ () C:\Windows\ODBC.INI
2014-07-17 09:10 - 2012-02-03 18:03 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-17 09:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 16:29 - 2012-07-26 10:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 15:57 - 2014-05-22 16:48 - 00000596 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2014.job
2014-07-16 15:48 - 2012-02-03 19:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 15:05 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal
2014-07-16 14:43 - 2014-07-16 09:01 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 14:26 - 2014-07-08 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 09:01 - 2014-05-22 16:48 - 00000440 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2014.job
2014-07-16 09:01 - 2012-02-03 18:04 - 00019675 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 09:00 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-16 08:12 - 2014-03-26 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 08:11 - 2014-03-26 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 20:02 - 2012-02-08 15:21 - 00000000 ____D () C:\Windows\Minidump
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2012-04-27 19:21 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:54 - 2012-04-27 19:22 - 00154792 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 18:54 - 2012-04-27 19:21 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 18:54 - 2012-04-27 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-15 18:52 - 2012-03-12 11:28 - 00000250 ___SH () C:\Users\HFrankenberger\ntuser.ini
2014-07-15 18:51 - 2012-02-09 15:50 - 00000000 ____D () C:\temp
2014-07-15 18:44 - 2014-07-15 18:51 - 00380416 _____ () C:\Users\Enno lokal\Desktop\Gmer-19357.exe
2014-07-15 18:43 - 2014-07-15 18:51 - 02086912 _____ (Farbar) C:\Users\Enno lokal\Desktop\FRST64.exe
2014-07-15 18:43 - 2014-07-15 18:51 - 00050477 _____ () C:\Users\Enno lokal\Desktop\Defogger.exe
2014-07-15 09:48 - 2014-07-15 09:48 - 00000000 ____D () C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-14 09:37 - 2013-06-19 12:59 - 00002209 _____ () C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windach.lnk
2014-07-14 09:37 - 2012-03-12 11:28 - 00000000 ____D () C:\Users\HFrankenberger
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 10:13 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:52 - 2012-02-04 02:17 - 00000000 ____D () C:\Windows\Panther
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-11 03:02 - 2014-03-26 18:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-26 18:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 17:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Google
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 16:53 - 2014-05-06 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 16:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:53 - 2009-07-14 06:45 - 05275504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 16:43 - 2012-02-03 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:42 - 2013-08-15 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:41 - 2012-02-03 17:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:29 - 2012-07-26 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:29 - 2012-03-30 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:29 - 2012-02-03 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:20 - 2013-01-28 09:16 - 00001227 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-08 18:20 - 2012-12-06 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-08 07:54 - 2012-02-06 14:38 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2012-07-30 15:34 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-07-07 10:09 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 07:13 - 2013-05-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 11:08 - 2012-02-07 12:55 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Mozilla
2014-06-30 04:09 - 2014-07-09 12:50 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 11:01 - 2012-02-09 13:52 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-23 17:43 - 2012-02-03 19:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 17:43 - 2012-02-03 19:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 17:24 - 2012-11-26 14:16 - 00011726 _____ () C:\Windows\SysWOW64\switchboard.xml
2014-06-23 17:24 - 2012-11-26 14:16 - 00000000 ____D () C:\ESTOS
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-23 16:46 - 2013-08-14 16:28 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\Dropbox
2014-06-20 22:14 - 2014-07-09 12:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 12:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 15:14 - 2013-07-24 13:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-19 15:14 - 2012-02-03 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 10:43 - 2012-06-08 16:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-19 03:39 - 2014-07-09 12:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 12:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 12:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 12:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 12:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 12:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 12:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 12:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 12:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 12:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 12:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 12:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 12:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 12:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 12:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 12:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 12:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 12:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 12:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 12:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 12:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 12:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 12:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 12:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 12:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 12:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 12:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 12:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 12:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 12:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 12:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 12:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 12:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 12:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 12:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 12:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 12:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 12:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 12:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 12:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 12:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 12:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 12:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfdm2jh.dll
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:21

==================== End Of Log ============================
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by Enno at 2014-07-17 09:27:07
Running from C:\Users\Enno lokal\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sophos Client Firewall (Disabled) {539079D2-74D9-BC45-BA38-256B34D54D52}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Any PDF to DWG Converter 2010 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD LT 2011 - Deutsch (HKLM\...\AutoCAD LT 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD LT 2011 - Deutsch (Version: 18.1.208.0 - Autodesk) Hidden
AutoCAD LT 2011 - Deutsch Version 3 (HKLM\...\AutoCAD LT 2011 - Deutsch Version 3) (Version: 1 - Autodesk)
AutoCAD LT 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD LT 2012 - Deutsch SP2 (HKLM\...\AutoCAD LT 2012 - Deutsch SP2) (Version: 1 - Autodesk)
AutoCAD LT 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
ava-sign 4.6.0.2056                                        - (HKLM\...\ava-sign 4.6.0.2056_is1) (Version: 4.6.0.2056 - RIB Software AG)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Common (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Contents (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Corel VideoStudio Pro X4 (HKLM-x32\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.3.0.5 - Corel Corporation)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DeviceIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
DTAUS 2011 Profi (HKLM-x32\...\DTAUS 2011 Profi) (Version:  - Yokey Software)
DTAUS 2011 Profi (x32 Version: 1.0.0 - Yokey Software) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESS Energie Indikator (HKLM-x32\...\{AA56C866-27E0-4178-876C-6A18FA7715D8}) (Version: 20.14.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.30 - ifos GmbH)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
GAEB-Konverter Version 8 (HKLM-x32\...\{4B4F626E-6EAF-4D9E-9C42-FB2529360F16}) (Version: 8.0.183 - T&&T Datentechnik GmbH)
General Runtime Files for Allplan 2014-1-1 (x32 Version: 1.8.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Allplan 2014-1-1 x64 (Version: 1.5.0.0 - Nemetschek Allplan Systems GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.264 AVC Player 0.9.63 (HKLM-x32\...\H.264 AVC Player) (Version: 0.9.63 - VideoLAN Team)
HiPath 3000 Manager E  68.50.703.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Printer Utility (HKLM-x32\...\{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}) (Version: 1.4.0.14 - Ihr Firmenname)
HP Proactive Services (HKLM-x32\...\{7527CD9F-894E-47B3-9AFB-3E680E007051}) (Version: 1.6.0.37 - Ihr Firmenname)
ICA (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Img2CAD 7.1 (HKLM-x32\...\Img2CAD_is1) (Version:  - Img2CAD, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nemetschek Allplan 2014 (HKLM-x32\...\{669D6EB8-28DD-4F5C-A7C3-5DCB53F59691}) (Version: 2014.0 - Nemetschek Allplan Systems GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - Nemetschek Allplan Systems GmbH)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Offerte_L (HKLM-x32\...\{00514709-D0BF-4C47-9858-2AA4042F6E91}) (Version: 3.1.000 - RIB Software AG)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Passware Kit Enterprise 7.9 (HKLM-x32\...\Passware Kit Enterprise) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoSync (HKLM\...\{3F96040E-35BB-4EE2-89F6-8948F3B4514A}) (Version: 2.2.1 - touchbyte GmbH)
PureHD (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{1C3147A7-4810-45FC-AD89-064D8023A514}) (Version: 1.24.0 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share64 (Version: 14.0.0.342 - Corel Corporation) Hidden
SketchUp 8 (HKLM-x32\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Client Firewall (HKLM-x32\...\{A805FB2A-A844-4cba-8088-CA64087D59E1}) (Version: 2.9.4 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney Business 6.0  (HKLM-x32\...\{EE6AD847-8CA7-4FE6-AD05-B275E3761152}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSClassic (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSPro (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.21 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.21 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

15-07-2014 19:03:45 Geplanter Prüfpunkt
16-07-2014 06:11:29 Installed Java 7 Update 65

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B824B35-8A2E-44C8-8D11-C27059FC4EA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {73180A98-627A-4015-8FF8-382E15FC32A1} - System32\Tasks\WebContent AutoUpdate 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {88481D14-A5E1-4837-834E-BF5D06D7F079} - System32\Tasks\AutoUpdate Allplan 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {8FB75C6E-2DE0-4928-A72F-A8D2F44527F2} - System32\Tasks\{D3E4BAAE-B173-4F86-BA73-C0E2C6BE5B05} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.261&amp;LastError=12002
Task: {A023BF91-F5D8-4236-88BD-DF75D67DDCA2} - System32\Tasks\AdobeAAMUpdater-1.0-FRANKFURT-eberner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C7E4CA4D-6B72-4EA0-9BE0-CE1A32E0F159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E18B5E2B-2101-4831-859C-C03C32C0CCE8} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {EDC6F085-64F3-424E-B1C3-4894C30BBADD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F4E9A053-A7FB-4894-9C85-F18B8808ECF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: {FCDA0835-EA78-4497-8AAE-09D7B465CAE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoUpdate Allplan 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe

==================== Loaded Modules (whitelisted) =============

2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-01-24 09:34 - 2013-01-24 09:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-03 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 13:39 - 2012-09-17 13:39 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: ABBYY.Licensing.FineReader.Corporate.10.0 => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR10 => "D:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\SysWOW64\DWRCST.exe
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PUStarter => C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunPUTasktray => "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM

==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 09:11:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 02:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7113.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bc4

Startzeit: 01cfa0bceb343c0b

Endzeit: 16

Anwendungspfad: D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Berichts-ID: 824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 564

Startzeit: 01cfa051d632302a

Endzeit: 27715

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 79c

Startzeit: 01cfa05187b22e17

Endzeit: 0

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004a713
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/16/2014 02:10:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:42:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (07/17/2014 09:11:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 02:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7113.50001bc401cfa0bceb343c0b16D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638556401cfa051d632302a27715C:\Windows\SysWOW64\rundll32.exe35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638579c01cfa05187b22e170C:\Windows\SysWOW64\rundll32.exe0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050004a713e9401cfa04fca05987cC:\temp\Trojaner Board\Gmer-19357.exeC:\temp\Trojaner Board\Gmer-19357.exe6802dc46-0c43-11e4-a6b0-180373c92681

Error: (07/15/2014 07:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-03-05 09:26:58.442
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-05 09:26:58.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8148.93 MB
Available physical RAM: 6038.9 MB
Total Pagefile: 16296.05 MB
Available Pagefile: 14104.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:19.56 GB) NTFS
Drive d: (D_SOPC16) (Fixed) (Total:438.58 GB) (Free:279.34 GB) NTFS
Drive e: (E_SOPC16_1TB) (Fixed) (Total:931.51 GB) (Free:354.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 776FB738)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1DA41F31)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7A61FFC2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Grüsse aus Frankfurt/M.
Enno

M-K-D-B 17.07.2014 13:36
Gut gemacht.



Und jetzt vom Desktop folgendes ausführen:



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
FF HKLM-x32\...\Firefox\Extensions: [{FFB08C48-22DA-4362-8550-61BB5839581F}] - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi [2014-07-15]
C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
DPF: HKLM-x32 {73481434-2EE1-4377-B3E8-5C13A1D2AF4A} hxxp://59.124.49.18/wap/Lilin.cab
DPF: HKLM-x32 {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://59.124.49.18/wap/axvlc.cab
C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    DownloadProtect
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.






Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es noch Probleme mit Download Protect? Wenn ja, in welchem Browser?





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

EBerner 17.07.2014 14:19
Hi,

habe alles wie beschrieben ausgeführt. Hier die logs:

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014
Ran by Enno at 2014-07-17 15:02:30 Run:2
Running from C:\Users\Enno lokal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF HKLM-x32\...\Firefox\Extensions: [{FFB08C48-22DA-4362-8550-61BB5839581F}] - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi [2014-07-15]
C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
DPF: HKLM-x32 {73481434-2EE1-4377-B3E8-5C13A1D2AF4A} hxxp://59.124.49.18/wap/Lilin.cab
DPF: HKLM-x32 {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://59.124.49.18/wap/axvlc.cab
C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00}
Reboot:
end
*****************

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB08C48-22DA-4362-8550-61BB5839581F} => value deleted successfully.
C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E}\{FFB08C48-22DA-4362-8550-61BB5839581F}.xpi => Moved successfully.
C:\Windows\Installer\{5C41BF85-3613-4A18-91F6-7670184E683E} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}' => Key deleted successfully.
'HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{73481434-2EE1-4377-B3E8-5C13A1D2AF4A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{73481434-2EE1-4377-B3E8-5C13A1D2AF4A}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{9BE31822-FDAD-461B-AD51-BE1D1C159921}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}' => Key deleted successfully.
C:\Program Files\{2FE6C9B6-B8E4-4FD7-A1CA-734A89606A00} => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
Systemlook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 15:06 on 17/07/2014 by Enno
Administrator - Elevation successful

========== regfind ==========

Searching for "DownloadProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect]
@="DownloadProtect Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect\CurVer]
@="DPBHO.DownloadProtect.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect.1]
@="DownloadProtect Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}]
@="IDownloadProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}]
@="IDownloadProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}]
@="IDownloadProtect"

-= EOF =-
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by Enno (administrator) on SOPC16 on 17-07-2014 15:07:59
Running from C:\Users\Enno lokal\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
(Nemetschek Allplan Systems GmbH) C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE
(ESTOS GmbH) C:\Windows\System32\eacusrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => "S:\StarMoney Business 6.0\app\oflagent.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [21245240 2013-01-18] (ESTOS GmbH)
HKLM-x32\...\Run: [DameWare MRC Agent] => C:\Windows\SysWOW64\DWRCST.exe [85528 2010-04-07] (DameWare Development)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> \\FILESERVER\CTX_Userdirs$\eberner\Anwendungsdaten\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Estos ProCall.lnk
ShortcutTarget: Estos ProCall.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
Startup: C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook.lnk
ShortcutTarget: Microsoft Outlook.lnk -> C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://antivirus.frankfurt.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {9BBB3919-F518-4D06-8209-299FC243FC44} https://antivirus.frankfurt.local:4343/SMB/console/html/root/AtxEnc.cab
DPF: HKLM-x32 {BA7A56EB-D1B9-443B-96E9-086532A378F1} hxxp://192.168.20.90/activex/decoder/aac_dec.cab
DPF: HKLM-x32 {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp://192.168.20.90/activex/decoder/intel_mpeg4_dec.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.20.90/activex/AMC.cab
DPF: HKLM-x32 {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://landshutpark.no-ip.biz:8081/view.cab
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} -  No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
Handler-x32: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 192.168.20.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-12]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
R2 AllplanUpdateLauncher 2014; C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe [16680 2014-03-15] (Nemetschek Allplan Systems GmbH)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [246120 2010-07-02] (DameWare Development LLC) [File not signed]
R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [6876008 2014-01-21] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [652632 2013-01-18] (ESTOS GmbH)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [64808 2014-05-21] (Sophos Limited)
R2 Sophos Client Firewall Manager; C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [158504 2014-05-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [655144 2014-05-21] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [66096 2011-06-29] (Citrix Systems, Inc.)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [102688 2012-03-06] (Sophos Limited)
R1 scfndis; C:\Windows\System32\DRIVERS\scfndis.sys [55072 2012-03-06] (Sophos Limited)
R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-15] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 15:07 - 2014-07-17 15:08 - 00027243 _____ () C:\Users\Enno lokal\Desktop\FRST.txt
2014-07-17 15:06 - 2014-07-17 15:06 - 00001918 _____ () C:\Users\Enno lokal\Desktop\SystemLook.txt
2014-07-17 15:00 - 2014-07-17 14:58 - 00165376 _____ () C:\Users\Enno lokal\Desktop\SystemLook_x64.exe
2014-07-17 09:27 - 2014-07-17 09:27 - 00047891 _____ () C:\Users\Enno lokal\Desktop\Addition1.txt
2014-07-17 09:26 - 2014-07-17 09:27 - 00067405 _____ () C:\Users\Enno lokal\Desktop\FRST1.txt
2014-07-16 14:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 09:01 - 2014-07-16 14:43 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 19:10 - 2014-07-17 15:08 - 00000000 ____D () C:\FRST
2014-07-15 19:07 - 2014-07-16 15:05 - 00000000 ____D () C:\Users\Enno lokal
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2013-02-19 14:27 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ESTOS
2014-07-15 19:07 - 2012-06-08 16:19 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Macromedia
2014-07-15 19:07 - 2012-04-12 17:40 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Microsoft Help
2014-07-15 19:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 19:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:51 - 2014-07-15 18:44 - 00380416 _____ () C:\Users\Enno lokal\Desktop\Gmer-19357.exe
2014-07-15 18:51 - 2014-07-15 18:43 - 02086912 _____ (Farbar) C:\Users\Enno lokal\Desktop\FRST64.exe
2014-07-15 18:51 - 2014-07-15 18:43 - 00050477 _____ () C:\Users\Enno lokal\Desktop\Defogger.exe
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-17 15:03 - 00000616 _____ () C:\Windows\setupact.log
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 12:50 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:50 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:50 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 07:41 - 2014-07-16 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 07:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-07-17 15:08 - 2014-07-17 15:07 - 00027243 _____ () C:\Users\Enno lokal\Desktop\FRST.txt
2014-07-17 15:08 - 2014-07-15 19:10 - 00000000 ____D () C:\FRST
2014-07-17 15:06 - 2014-07-17 15:06 - 00001918 _____ () C:\Users\Enno lokal\Desktop\SystemLook.txt
2014-07-17 15:06 - 2012-02-03 17:20 - 01912306 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 15:05 - 2012-02-03 19:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 15:03 - 2014-07-11 16:56 - 00000616 _____ () C:\Windows\setupact.log
2014-07-17 15:03 - 2012-03-07 08:42 - 00000142 _____ () C:\Windows\ODBC.INI
2014-07-17 15:03 - 2012-02-03 18:03 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-17 15:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 14:58 - 2014-07-17 15:00 - 00165376 _____ () C:\Users\Enno lokal\Desktop\SystemLook_x64.exe
2014-07-17 14:58 - 2012-02-09 15:50 - 00000000 ____D () C:\temp
2014-07-17 14:57 - 2014-05-22 16:48 - 00000596 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2014.job
2014-07-17 14:48 - 2012-02-03 19:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 14:29 - 2012-07-26 10:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 09:27 - 2014-07-17 09:27 - 00047891 _____ () C:\Users\Enno lokal\Desktop\Addition1.txt
2014-07-17 09:27 - 2014-07-17 09:26 - 00067405 _____ () C:\Users\Enno lokal\Desktop\FRST1.txt
2014-07-17 09:20 - 2014-06-16 07:24 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Adobe
2014-07-17 09:17 - 2012-02-04 02:15 - 00724958 _____ () C:\Windows\system32\perfh007.dat
2014-07-17 09:17 - 2012-02-04 02:15 - 00157574 _____ () C:\Windows\system32\perfc007.dat
2014-07-17 09:17 - 2009-07-14 07:13 - 01688188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 09:17 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 09:17 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:05 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal
2014-07-16 14:43 - 2014-07-16 09:01 - 00000830 _____ () C:\Windows\PFRO.log
2014-07-16 14:26 - 2014-07-08 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 09:01 - 2014-05-22 16:48 - 00000440 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2014.job
2014-07-16 09:01 - 2012-02-03 18:04 - 00019675 __RSH () C:\ProgramData\ntuser.pol
2014-07-16 09:00 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-16 08:12 - 2014-03-26 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 08:11 - 2014-07-16 08:11 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 08:11 - 2014-07-16 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 08:11 - 2014-03-26 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files\{0FA0DD30-953C-487C-AA36-695CC397C564}
2014-07-15 21:06 - 2014-07-15 21:06 - 00000000 ____D () C:\Program Files (x86)\{D328D952-2134-40CF-8852-531211E58EC1}
2014-07-15 20:02 - 2014-07-15 20:02 - 785807861 _____ () C:\Windows\MEMORY.DMP
2014-07-15 20:02 - 2014-07-15 20:02 - 00521456 _____ () C:\Windows\Minidump\071514-32339-01.dmp
2014-07-15 20:02 - 2012-02-08 15:21 - 00000000 ____D () C:\Windows\Minidump
2014-07-15 19:07 - 2014-07-15 19:07 - 00154792 _____ () C:\Users\Enno lokal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 19:07 - 2014-07-15 19:07 - 00001421 _____ () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 19:07 - 2014-07-15 19:07 - 00000020 ___SH () C:\Users\Enno lokal\ntuser.ini
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Vorlagen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Startmenü
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Netzwerkumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Lokale Einstellungen
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Eigene Dateien
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Druckumgebung
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Musik
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Documents\Eigene Bilder
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Verlauf
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\AppData\Local\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 _SHDL () C:\Users\Enno lokal\Anwendungsdaten
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ICAClient
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ESTOS
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Apple Computer
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Roaming\Adobe
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Google
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Citrix
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\ATI
2014-07-15 19:07 - 2014-07-15 19:07 - 00000000 ____D () C:\Users\Enno lokal\AppData\Local\Adobe
2014-07-15 19:07 - 2012-04-27 19:21 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-15 18:59 - 2014-07-15 18:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 18:54 - 2014-07-15 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESTOS
2014-07-15 18:54 - 2012-04-27 19:22 - 00154792 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 18:54 - 2012-04-27 19:21 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 18:54 - 2012-04-27 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-15 18:52 - 2012-03-12 11:28 - 00000250 ___SH () C:\Users\HFrankenberger\ntuser.ini
2014-07-15 18:44 - 2014-07-15 18:51 - 00380416 _____ () C:\Users\Enno lokal\Desktop\Gmer-19357.exe
2014-07-15 18:43 - 2014-07-15 18:51 - 02086912 _____ (Farbar) C:\Users\Enno lokal\Desktop\FRST64.exe
2014-07-15 18:43 - 2014-07-15 18:51 - 00050477 _____ () C:\Users\Enno lokal\Desktop\Defogger.exe
2014-07-14 09:37 - 2014-07-14 09:37 - 00000000 ____D () C:\Users\HFrankenberger\AppData\Local\Google
2014-07-14 09:37 - 2013-06-19 12:59 - 00002209 _____ () C:\Users\HFrankenberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windach.lnk
2014-07-14 09:37 - 2012-03-12 11:28 - 00000000 ____D () C:\Users\HFrankenberger
2014-07-13 10:13 - 2014-07-13 10:13 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 10:13 - 2014-07-13 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 10:13 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-07-11 17:04 - 2014-07-11 17:04 - 00000000 ____D () C:\Program Files\Unlocker
2014-07-11 16:56 - 2014-07-11 16:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 16:53 - 2014-07-11 16:53 - 00045960 _____ () C:\cc_20140711_165336.reg
2014-07-11 16:52 - 2012-02-04 02:17 - 00000000 ____D () C:\Windows\Panther
2014-07-11 16:48 - 2014-07-11 16:48 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-11 16:48 - 2014-07-11 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 16:48 - 2014-07-11 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-11 03:02 - 2014-03-26 18:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-03-26 18:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-03-26 18:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 17:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:13 - 2014-07-10 15:13 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 15:13 - 2014-07-10 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Google
2014-07-10 15:13 - 2012-02-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 11:53 - 2014-07-10 11:53 - 00000815 _____ () C:\Users\EBerner.FRANKFURT\Desktop\JRT.txt
2014-07-10 11:39 - 2014-07-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 16:53 - 2014-05-06 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 16:53 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:53 - 2009-07-14 06:45 - 05275504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 16:43 - 2012-02-03 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:42 - 2013-08-15 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:41 - 2012-02-03 17:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:29 - 2012-07-26 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:29 - 2012-03-30 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:29 - 2012-02-03 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:20 - 2013-01-28 09:16 - 00001227 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-08 18:20 - 2012-12-06 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-08 07:54 - 2012-02-06 14:38 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2014-07-08 07:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 07:40 - 2012-07-30 15:34 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 07:40 - 2012-07-30 15:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-08 07:31 - 2014-07-08 07:31 - 00006820 _____ () C:\AdwCleaner[S1].txt
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-08 07:08 - 2014-07-08 07:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-07 10:51 - 2014-07-07 10:51 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Macromedia
2014-07-07 10:51 - 2014-07-07 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2014-07-07 10:09 - 2012-02-06 13:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 07:13 - 2013-05-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 11:08 - 2012-02-07 12:55 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Mozilla
2014-06-30 04:09 - 2014-07-09 12:50 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 11:01 - 2012-02-09 13:52 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-23 17:43 - 2012-02-03 19:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 17:43 - 2012-02-03 19:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 17:24 - 2012-11-26 14:16 - 00011726 _____ () C:\Windows\SysWOW64\switchboard.xml
2014-06-23 17:24 - 2012-11-26 14:16 - 00000000 ____D () C:\ESTOS
2014-06-23 17:15 - 2014-06-23 17:15 - 00000000 ___SD () C:\Citrix Anwendungen
2014-06-23 16:46 - 2013-08-14 16:28 - 00000000 ___RD () C:\Users\EBerner.FRANKFURT\Dropbox
2014-06-20 22:14 - 2014-07-09 12:50 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 12:50 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-19 15:15 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\EBerner.FRANKFURT\AppData\Local\Skype
2014-06-19 15:14 - 2014-06-19 15:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-19 15:14 - 2014-06-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-19 15:14 - 2013-07-24 13:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-19 15:14 - 2012-02-03 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 10:43 - 2012-06-08 16:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-19 03:39 - 2014-07-09 12:50 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 12:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 12:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 12:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 12:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 12:50 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 12:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 12:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 12:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 12:50 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 12:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 12:50 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 12:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 12:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 12:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 12:50 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 12:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 12:50 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 12:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 12:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 12:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 12:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 12:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 12:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 12:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 12:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 12:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 12:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 12:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 12:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 12:50 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 12:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 12:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 12:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 12:50 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 12:50 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 12:50 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 12:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 12:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 12:50 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 12:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 12:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 12:50 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 12:50 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 12:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 12:50 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 12:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 12:50 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpap6_cu.dll
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\EBerner.FRANKFURT\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:21

==================== End Of Log ============================
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by Enno at 2014-07-17 15:08:23
Running from C:\Users\Enno lokal\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sophos Client Firewall (Disabled) {539079D2-74D9-BC45-BA38-256B34D54D52}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Any PDF to DWG Converter 2010 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD LT 2011 - Deutsch (HKLM\...\AutoCAD LT 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD LT 2011 - Deutsch (Version: 18.1.208.0 - Autodesk) Hidden
AutoCAD LT 2011 - Deutsch Version 3 (HKLM\...\AutoCAD LT 2011 - Deutsch Version 3) (Version: 1 - Autodesk)
AutoCAD LT 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD LT 2012 - Deutsch SP2 (HKLM\...\AutoCAD LT 2012 - Deutsch SP2) (Version: 1 - Autodesk)
AutoCAD LT 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
ava-sign 4.6.0.2056                                        - (HKLM\...\ava-sign 4.6.0.2056_is1) (Version: 4.6.0.2056 - RIB Software AG)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Common (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Contents (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Corel VideoStudio Pro X4 (HKLM-x32\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.3.0.5 - Corel Corporation)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DeviceIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
DTAUS 2011 Profi (HKLM-x32\...\DTAUS 2011 Profi) (Version:  - Yokey Software)
DTAUS 2011 Profi (x32 Version: 1.0.0 - Yokey Software) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESS Energie Indikator (HKLM-x32\...\{AA56C866-27E0-4178-876C-6A18FA7715D8}) (Version: 20.14.0 - Nemetschek Allplan GmbH)
ESTOS ProCall (HKLM-x32\...\{F2D50027-E910-4C2C-AC57-E7D806AAE64E}) (Version: 4.1.10.20036 - ESTOS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flight Planner 6 (HKLM-x32\...\Flight Planner_is1) (Version: 6.0.0.30 - ifos GmbH)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
GAEB-Konverter Version 8 (HKLM-x32\...\{4B4F626E-6EAF-4D9E-9C42-FB2529360F16}) (Version: 8.0.183 - T&&T Datentechnik GmbH)
General Runtime Files for Allplan 2014-1-1 (x32 Version: 1.8.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Allplan 2014-1-1 x64 (Version: 1.5.0.0 - Nemetschek Allplan Systems GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.264 AVC Player 0.9.63 (HKLM-x32\...\H.264 AVC Player) (Version: 0.9.63 - VideoLAN Team)
HiPath 3000 Manager E  68.50.703.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Printer Utility (HKLM-x32\...\{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}) (Version: 1.4.0.14 - Ihr Firmenname)
HP Proactive Services (HKLM-x32\...\{7527CD9F-894E-47B3-9AFB-3E680E007051}) (Version: 1.6.0.37 - Ihr Firmenname)
ICA (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Img2CAD 7.1 (HKLM-x32\...\Img2CAD_is1) (Version:  - Img2CAD, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nemetschek Allplan 2014 (HKLM-x32\...\{669D6EB8-28DD-4F5C-A7C3-5DCB53F59691}) (Version: 2014.0 - Nemetschek Allplan Systems GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - Nemetschek Allplan Systems GmbH)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Offerte_L (HKLM-x32\...\{00514709-D0BF-4C47-9858-2AA4042F6E91}) (Version: 3.1.000 - RIB Software AG)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Passware Kit Enterprise 7.9 (HKLM-x32\...\Passware Kit Enterprise) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoSync (HKLM\...\{3F96040E-35BB-4EE2-89F6-8948F3B4514A}) (Version: 2.2.1 - touchbyte GmbH)
PureHD (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SEPA Account Converter (HKLM-x32\...\{1C3147A7-4810-45FC-AD89-064D8023A514}) (Version: 1.24.0 - Star Finanz GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Share64 (Version: 14.0.0.342 - Corel Corporation) Hidden
SketchUp 8 (HKLM-x32\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Client Firewall (HKLM-x32\...\{A805FB2A-A844-4cba-8088-CA64087D59E1}) (Version: 2.9.4 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney Business 6.0  (HKLM-x32\...\{EE6AD847-8CA7-4FE6-AD05-B275E3761152}) (Version: 6.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VIO (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSClassic (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
VSPro (x32 Version: 14.0.0.342 - Corel Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.21 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.21 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

15-07-2014 19:03:45 Geplanter Prüfpunkt
16-07-2014 06:11:29 Installed Java 7 Update 65

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2B824B35-8A2E-44C8-8D11-C27059FC4EA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {73180A98-627A-4015-8FF8-382E15FC32A1} - System32\Tasks\WebContent AutoUpdate 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {88481D14-A5E1-4837-834E-BF5D06D7F079} - System32\Tasks\AutoUpdate Allplan 2014 => D:\Program Files\Allplan\prg\NemDownloadHandler.exe [2014-03-15] (Nemetschek Allplan Systems GmbH)
Task: {8FB75C6E-2DE0-4928-A72F-A8D2F44527F2} - System32\Tasks\{D3E4BAAE-B173-4F86-BA73-C0E2C6BE5B05} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.261&amp;LastError=12002
Task: {A023BF91-F5D8-4236-88BD-DF75D67DDCA2} - System32\Tasks\AdobeAAMUpdater-1.0-FRANKFURT-eberner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C7E4CA4D-6B72-4EA0-9BE0-CE1A32E0F159} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E18B5E2B-2101-4831-859C-C03C32C0CCE8} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {EDC6F085-64F3-424E-B1C3-4894C30BBADD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F4E9A053-A7FB-4894-9C85-F18B8808ECF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: {FCDA0835-EA78-4497-8AAE-09D7B465CAE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoUpdate Allplan 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2014.job => D:\Program Files\Allplan\prg\NemDownloadHandler.exe

==================== Loaded Modules (whitelisted) =============

2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-24 09:34 - 2013-01-24 09:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-03 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 13:39 - 2012-09-17 13:39 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 13:39 - 2012-09-17 13:39 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Sophos Client Firewall Manager => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: ABBYY.Licensing.FineReader.Corporate.10.0 => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR10 => "D:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DameWare MRC Agent => C:\Windows\SysWOW64\DWRCST.exe
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PUStarter => C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunPUTasktray => "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 03:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 09:11:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 02:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7113.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bc4

Startzeit: 01cfa0bceb343c0b

Endzeit: 16

Anwendungspfad: D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Berichts-ID: 824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 564

Startzeit: 01cfa051d632302a

Endzeit: 27715

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 79c

Startzeit: 01cfa05187b22e17

Endzeit: 0

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004a713
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3


System errors:
=============
Error: (07/16/2014 02:10:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:50:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:43:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:42:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/16/2014 01:35:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (07/17/2014 03:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 09:11:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 02:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 09:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:58:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7113.50001bc401cfa0bceb343c0b16D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE824fb3e3-0cb6-11e4-80ef-180373c92681

Error: (07/15/2014 08:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:29:34 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/15/2014 07:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638556401cfa051d632302a27715C:\Windows\SysWOW64\rundll32.exe35126faf-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:25:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.1.7600.1638579c01cfa05187b22e170C:\Windows\SysWOW64\rundll32.exe0d720291-0c45-11e4-a6b0-180373c92681

Error: (07/15/2014 07:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050004a713e9401cfa04fca05987cC:\temp\Trojaner Board\Gmer-19357.exeC:\temp\Trojaner Board\Gmer-19357.exe6802dc46-0c43-11e4-a6b0-180373c92681


CodeIntegrity Errors:
===================================
  Date: 2013-03-05 09:26:58.442
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-05 09:26:58.427
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8148.93 MB
Available physical RAM: 6172.22 MB
Total Pagefile: 16296.05 MB
Available Pagefile: 14200.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:19.51 GB) NTFS
Drive d: (D_SOPC16) (Fixed) (Total:438.58 GB) (Free:279.34 GB) NTFS
Drive e: (E_SOPC16_1TB) (Fixed) (Total:931.51 GB) (Free:354.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 776FB738)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1DA41F31)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7A61FFC2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Im Browser habe ich bisher kein Problem gesehen, aber das hatte ich auch früher schon einmal so für einen halben Tag...
IN der msconfig habe ich allerdings immer noch den Eintrag im Reiter "Systemstart" für DownloadProtect.

Das Ding ist echt hartnäckig..
VG
enno

M-K-D-B 17.07.2014 14:29
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
HKLM-x32\...\Run: [] => [X]
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPBHO.DownloadProtect.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg /S
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST.

EBerner 18.07.2014 07:01
Guten Morgen,

hier die Ergebnisse von gestern Abend als Logfile.zip, da die Datenmenge wohl zu gross ist.
Sonnige Grüsse
enno

M-K-D-B 18.07.2014 10:30
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Download Protect
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

EBerner 21.07.2014 06:53
Guten Morgen Matthias,

jetzt sieht alles gut aus.
Vielen, vielen Dank für Deine Hilfe!

Eine erfolgreiche Woche.

Herzliche Grüsse
enno

M-K-D-B 21.07.2014 11:07
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131