antiviruspro | 29.09.2013 15:10 | here is the first one
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by TimoWerner (administrator) on WERNER-HP on 29-09-2013 15:55:11
Running from C:\Users\TimoWerner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() c:\xampp\mysql\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
() C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\SymErr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(1&1 Mail & Media GmbH) C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE
(Akamai Technologies, Inc.) C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe
() C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe
(Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Microsoft Corporation) C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe
(Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Cleverlearn, Inc.) C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe
(AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD9.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe
() C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe
(Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD Cox\PowerDVDCox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-05-09] (Samsung Electronics)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe [61264 2013-09-12] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKCU\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKCU\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKCU\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKCU\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKCU\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKCU\...\Run: [E365A742319C80E04F1A1C073157E1275BD24649._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.)
HKCU\...\Run: [SOS_Agent] - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [4493536 2013-05-16] (Steganos Software GmbH)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov)
HKCU\...\Run: [Real Desktop] - C:\Program Files (x86)\Real Desktop\rdesc.exe [4743168 2013-08-27] (Schillergames)
HKCU\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.)
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 1
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {682df1de-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
MountPoints2: {682df1fa-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [MyPublicWiFi] - C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2002432 2011-12-02] ()
HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] - C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2012-10-09] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [581496 2012-10-17] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bdruninstaller] - C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [747096 2013-05-15] (Bitdefender)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\BitBox\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Default\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Default User\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Gast\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Gast\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Gast\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Gast\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Gast\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Gast\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Gast\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Gast\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\Gast\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Gast\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Gast\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Gast\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Gast\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Gast\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Gast\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Gast\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Gast\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Gast\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Gast\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0
HKU\Gast\...\Policies\system: [DisableChangePassword] 0
HKU\peer\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\peer\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\peer\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\peer\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\peer\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\peer\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\peer\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\peer\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\peer\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\peer\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\peer\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\peer\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\peer\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\peer\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\peer\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\peer\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\peer\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\peer\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\peer\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\peer\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\peer\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\peer\...\Policies\system: [LogonHoursAction] 2
HKU\peer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\peer\...\Policies\system: [DisableLockWorkstation] 0
HKU\peer\...\Policies\system: [DisableChangePassword] 0
HKU\php 1255\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\php 1255\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\php 1255\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\php 1255\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\php 1255\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\php 1255\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\php 1255\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\php 1255\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\php 1255\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\php 1255\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\php 1255\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\php 1255\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\php 1255\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\php 1255\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\php 1255\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\php 1255\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\php 1255\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\php 1255\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\php 1255\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\php 1255\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\php 1255\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\php 1255\...\Policies\system: [LogonHoursAction] 2
HKU\php 1255\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\php 1255\...\Policies\system: [DisableLockWorkstation] 0
HKU\php 1255\...\Policies\system: [DisableChangePassword] 0
HKU\v\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\v\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\v\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\v\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\v\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\v\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\v\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\v\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\v\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\v\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\v\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\v\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\v\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\v\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\v\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\v\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\v\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\v\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\v\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\v\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\v\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\v\...\Policies\system: [LogonHoursAction] 2
HKU\v\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\v\...\Policies\system: [DisableLockWorkstation] 0
HKU\v\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\Werner\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Policies\system: [LogonHoursAction] 2
HKU\Werner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner1\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner1\...\Run: [VoipCheapCom] - C:\Program Files (x86)\VoipCheapCom\voipcheapcom.exe [14054712 2012-02-06] (VoipCheapCom)
HKU\Werner1\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner1\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner1\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner1\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner1\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner1\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner1\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner1\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner1\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner1\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner1\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner1\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner1\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner1\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner1\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner1\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner1\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner1\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner1\...\Policies\system: [LogonHoursAction] 2
HKU\Werner1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner1\...\Policies\system: [DisableChangePassword] 0
HKU\xx\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
IMEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\gameconsole-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TimoWerner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GMX Clicktionary 2.8.lnk
ShortcutTarget: GMX Clicktionary 2.8.lnk -> C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe (Cleverlearn, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\rdesc.exe (Schillergames)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8123
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {0C5A5BF2-683B-4BE6-850E-BB90306D67F0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=5B8CF2D0-C82E-4536-9736-C7F700656C0F&apn_sauid=AC068637-2922-45ED-AEAA-388C22D7EB07&
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=849cd9b6000000000000889ffaa87be1
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=849cd9b6000000000000889ffaa87be1&tlver=1.4.19.19&affID=16553
SearchScopes: HKCU - {30CB5C4D-2BE0-4C68-B0D4-76B9EA618F6E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {390838FE-C57E-4349-ABE9-BE8744F5DC74} URL = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {714174E0-312F-422B-AFC2-D7AC0CC67532} URL = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D5521E70-FE65-41E4-85BC-7C9B535CA119} URL = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default
FF user.js: detected! => C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 0
FF NewTab: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TimoWerner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\1und1-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\mailcom-search.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\nestoria-deutschland.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Babylon - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\ffxtlbr@babylon.com
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{43196362-5378-448b-8944-f097fa65e932}
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DownloadHelper - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
FF Extension: toolbar - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack] - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi
FF Extension: No Name - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Thunderbird\Extensions: [{d591241b-9967-418c-9b7d-ee128131d60d}] - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy
FF Extension: Adressbuchanbindung für GMX MultiMessenger - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy
Chrome:
=======
CHR Extension: (Complitly plugin for chrome) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [didlmjkkjfegblmkekbhgpefajgikncm] - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\TimoWerner\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\Extensions\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\Exts\Chrome.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
S3 AppBoosterService; C:\Program Files (x86)\Common Files\PCSUITE Common\BoostService.exe [1556360 2011-10-05] (MARKEMENT)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-17] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-17] (BlueStack Systems, Inc.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.)
R2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S4 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [597504 2011-12-02] ()
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()
S2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9503 2012-09-28] ()
R2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe [129424 2013-08-15] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3897432 2011-09-18] (INCA Internet Co., Ltd.)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe [570264 2013-09-12] (Symantec Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS)
R2 Steganos Anonym VPN Starter Service; C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe [267928 2011-08-25] (Steganos Software GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2011-07-02] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [346496 2012-02-08] (AVEO)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209000.015\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE05000.043\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH)
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-23] (DT Soft Ltd)
R3 Iviaspi; C:\Windows\System32\drivers\Iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-19] (Duplex Secure Ltd.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-19] (Symantec Corporation)
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209000.015\SymRdrS.SYS [245848 2013-08-17] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
R1 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [199752 2011-11-16] (1&1 Mail & Media GmbH)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
U3 akbl5igu; C:\Windows\System32\Drivers\akbl5igu.sys [0 ] (Microsoft Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST
2013-09-29 15:37 - 2013-09-29 15:39 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe
2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007
2013-09-26 14:00 - 2013-09-26 14:01 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp
2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner
2013-09-23 13:52 - 2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center
2013-09-23 09:01 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 09:01 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 09:01 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 09:01 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 09:01 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 09:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 09:01 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 09:01 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-23 09:01 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-23 09:01 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-23 09:01 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-23 09:00 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 09:00 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 09:00 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 09:00 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 09:00 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 09:00 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 09:00 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 01:05 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-23 01:05 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-23 01:05 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-23 01:05 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-23 01:05 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-23 01:05 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 01:05 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-23 01:05 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 01:05 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-23 01:05 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-23 01:05 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-23 01:05 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-23 01:05 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-23 01:05 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-23 01:05 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 01:05 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 01:05 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-23 01:05 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-23 01:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-23 01:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-23 01:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 01:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-23 00:52 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-23 00:52 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 00:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-23 00:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-23 00:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-23 00:42 - 2013-09-23 00:43 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp
2013-09-21 19:34 - 2013-09-29 15:21 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007
2013-09-21 18:50 - 2013-09-21 18:51 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp
2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family
2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG
2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX
2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL Certified
2013-09-20 19:30 - 2013-07-12 14:36 - 00257384 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll
2013-09-20 19:30 - 2013-07-12 14:36 - 00219496 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll
2013-09-20 19:30 - 2013-07-12 14:36 - 00215400 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll
2013-09-20 19:30 - 2013-07-12 14:36 - 00109928 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll
2013-09-20 19:30 - 2013-07-12 14:29 - 00086376 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys
2013-09-20 19:30 - 2013-07-12 14:29 - 00079592 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2013-09-20 19:30 - 2013-07-12 14:29 - 00065896 _____ (FTDI Ltd.) C:\Windows\system32\ftcserco.dll
2013-09-20 19:30 - 2013-07-12 14:28 - 00056168 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll
2013-09-20 12:43 - 2013-09-20 12:49 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc
2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt
2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk
2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test
2013-09-19 20:30 - 2013-09-19 20:31 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe
2013-09-15 19:38 - 2013-09-26 14:06 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2013-09-09 19:32 - 2013-09-09 19:36 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4
2013-09-09 19:27 - 2013-09-09 19:40 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) - 10Youtube.com.mp4
2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip
2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C}
2013-09-04 13:17 - 2013-09-04 16:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente
2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente
2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004
2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A}
2013-08-31 12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner
2013-08-31 11:09 - 2013-08-31 11:16 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit
2013-08-31 11:06 - 2013-08-31 11:12 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes
2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt
2013-08-31 11:05 - 2013-08-31 11:11 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One
2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution
2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials
2013-08-31 10:28 - 2013-08-31 17:44 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-31 10:28 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-31 10:27 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-30 11:42 - 2013-09-29 15:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 11:42 - 2013-08-30 11:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-30 11:39 - 2013-08-30 11:40 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420}
2013-08-30 11:25 - 2013-09-29 15:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-30 11:25 - 2013-08-31 17:44 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 11:25 - 2013-08-31 17:43 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 11:25 - 2013-08-31 17:43 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-30 11:25 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 11:25 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 11:25 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 11:25 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 11:25 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 11:25 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-30 11:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 11:18 - 2013-08-30 11:23 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-30 11:09 - 2013-08-30 11:15 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe
2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-30 11:03 - 2013-08-30 11:04 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg
2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg
2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
==================== One Month Modified Files and Folders =======
2013-09-29 15:56 - 2011-09-21 14:19 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-29 15:55 - 2013-08-30 11:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-29 15:54 - 2011-04-08 01:41 - 01258392 _____ C:\Windows\WindowsUpdate.log
2013-09-29 15:52 - 2013-02-19 16:38 - 00000376 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-09-29 15:49 - 2012-11-24 13:55 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat
2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 15:42 - 2012-04-20 14:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Purplizer
2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST
2013-09-29 15:39 - 2013-09-29 15:37 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe
2013-09-29 15:38 - 2012-05-21 12:37 - 00000000 ___RD C:\Users\TimoWerner\SkyDrive
2013-09-29 15:32 - 2012-04-20 13:28 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Overwolf
2013-09-29 15:32 - 2011-11-30 16:12 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Skype
2013-09-29 15:31 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-29 15:30 - 2013-05-10 15:47 - 00000000 ____D C:\Samsung Link
2013-09-29 15:28 - 2013-06-03 16:13 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\LogMeIn Hamachi
2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007
2013-09-29 15:21 - 2013-09-21 19:34 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007
2013-09-29 15:21 - 2013-08-30 11:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-29 15:20 - 2011-09-21 14:19 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 15:19 - 2011-11-30 17:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007UA.job
2013-09-29 15:19 - 2011-11-30 17:40 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007Core.job
2013-09-26 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-26 14:06 - 2013-09-15 19:38 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2013-09-26 14:02 - 2011-10-30 10:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-26 14:01 - 2013-09-26 14:00 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp
2013-09-26 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 14:00 - 2013-01-07 18:54 - 392457743 _____ C:\Windows\MEMORY.DMP
2013-09-26 14:00 - 2013-01-07 18:54 - 00000000 ____D C:\Windows\Minidump
2013-09-26 14:00 - 2011-08-22 17:43 - 00071753 _____ C:\Windows\setupact.log
2013-09-25 18:53 - 2012-02-29 19:41 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Adobe
2013-09-25 18:52 - 2012-06-06 13:14 - 00000000 ____D C:\Users\Werner1\AppData\Local\LogMeIn Hamachi
2013-09-24 13:30 - 2012-03-12 10:08 - 00000000 ____D C:\Users\Werner1\AppData\Local\Adobe
2013-09-24 12:36 - 2013-05-02 13:00 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\ZumoDrive
2013-09-24 10:05 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1\AppData\Local\VirtualStore
2013-09-24 10:02 - 2012-02-29 20:18 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Skype
2013-09-23 16:52 - 2013-05-02 16:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7DB815E-96C6-4A57-9C4A-16B827A6DC3C}
2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner
2013-09-23 13:57 - 2013-05-02 13:01 - 00000000 ____D C:\Users\Werner1\AppData\Local\Overwolf
2013-09-23 13:52 - 2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center
2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-23 09:23 - 2009-07-14 06:45 - 00482952 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-23 09:00 - 2011-10-28 13:06 - 01538058 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-23 09:00 - 2011-10-28 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-23 09:00 - 2010-10-18 04:29 - 00658830 _____ C:\Windows\system32\perfh007.dat
2013-09-23 09:00 - 2010-10-18 04:29 - 00131622 _____ C:\Windows\system32\perfc007.dat
2013-09-23 08:59 - 2013-08-15 14:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-23 08:52 - 2011-08-02 20:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-23 01:05 - 2013-05-02 13:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-23 00:43 - 2013-09-23 00:42 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp
2013-09-21 19:57 - 2009-07-14 07:13 - 01510400 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 18:51 - 2013-09-21 18:50 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp
2013-09-20 20:32 - 2012-03-02 15:56 - 00000000 ____D C:\Users\Werner1\AppData\Local\CrashDumps
2013-09-20 20:31 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family
2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG
2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX
2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL Certified
2013-09-20 14:18 - 2012-08-17 15:11 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\ZumoDrive
2013-09-20 13:48 - 2011-08-18 13:09 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Mozilla
2013-09-20 13:37 - 2012-04-20 13:30 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-09-20 12:49 - 2013-09-20 12:43 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc
2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt
2013-09-20 12:42 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1
2013-09-20 12:39 - 2012-02-29 19:38 - 00133760 _____ C:\Users\Werner1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-20 12:35 - 2013-01-02 15:36 - 00000000 ____D C:\Windows\system32\Drivers\NSMx64
2013-09-20 12:31 - 2011-08-26 17:09 - 00611666 _____ C:\Windows\PFRO.log
2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk
2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test
2013-09-19 20:31 - 2013-09-19 20:30 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe
2013-09-19 20:23 - 2013-01-02 15:37 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-09-19 20:23 - 2013-01-02 15:37 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-09-10 15:12 - 2011-08-19 17:00 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashDumps
2013-09-10 15:11 - 2013-03-31 11:08 - 00000000 ____D C:\Users\TimoWerner\Documents\WebCam Capture Media
2013-09-09 19:40 - 2013-09-09 19:27 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) - 10Youtube.com.mp4
2013-09-09 19:36 - 2013-09-09 19:32 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4
2013-09-09 19:22 - 2011-08-18 11:57 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{631F1FCF-A0A7-4D04-BDAF-42267D0DD50D}
2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip
2013-09-08 19:03 - 2012-05-10 18:50 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\.minecraft
2013-09-04 16:17 - 2013-09-04 13:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente
2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C}
2013-09-04 13:27 - 2013-04-21 13:46 - 00021504 ___SH C:\Users\TimoWerner\Thumbs.db
2013-09-04 13:17 - 2011-08-18 11:35 - 00000000 ____D C:\Users\TimoWerner
2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente
2013-09-04 13:04 - 2011-10-28 13:07 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\SoftGrid Client
2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004
2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A}
2013-08-31 18:14 - 2013-08-12 13:39 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik
2013-08-31 17:44 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-31 17:44 - 2013-08-30 11:25 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-31 17:43 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-31 17:43 - 2013-08-31 10:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-31 17:43 - 2013-08-30 11:25 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-31 17:43 - 2013-08-30 11:25 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-31 12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner
2013-08-31 11:16 - 2013-08-31 11:09 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit
2013-08-31 11:12 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes
2013-08-31 11:11 - 2013-08-31 11:05 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One
2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt
2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution
2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials
2013-08-30 11:58 - 2013-08-30 11:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-30 11:58 - 2012-04-11 18:02 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-30 11:58 - 2011-07-30 19:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-30 11:40 - 2013-08-30 11:39 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420}
2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-30 11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-30 11:23 - 2013-08-30 11:18 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-30 11:15 - 2013-08-30 11:09 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe
2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-30 11:04 - 2013-08-30 11:03 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg
2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg
2013-08-30 11:01 - 2012-06-19 15:57 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\FileZilla
2013-08-30 10:52 - 2009-09-07 03:03 - 00000000 ____D C:\Users\Administrator
2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-30 10:19 - 2012-05-18 13:36 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\QuickScan
Some content of TEMP:
====================
C:\Users\TimoWerner\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\TimoWerner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\v\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\contentDATs.exe
C:\Users\Werner\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Werner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Werner\AppData\Local\Temp\gmx_mediacenter_uploadmanager.exe
C:\Users\Werner\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Werner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Werner1\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\swt-win32-3448.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-06-15 18:41
==================== End Of Log ============================