Trojaner-Board - Advanced System Protector, Reg Clean Pro, MyPC Backup, Adware

Hallo und vielen Dank schon mal im Voraus für deine Hilfe und Geduld :-)

Security Essentials hatte folgendes erkannt und habe ich entfernt:
Adware:Win32/AddLyrics

Hier das mbam log

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 09.04.2014

Suchlauf-Zeit: 00:17:45

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.08.08

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7

CPU: x86

Dateisystem: NTFS

Benutzer: frank
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 239105

Verstrichene Zeit: 19 Min, 35 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 5

PUP.Optional.QuickShare.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a93f9a8ddba041f58e69b88ba45edc24], 

PUP.Optional.QuickShare.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a93f9a8ddba041f58e69b88ba45edc24], 

PUP.Optional.PlurPush.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82249076-D5C8-431D-982B-023779779587}, In Quarantäne, [6f7911169cdf59dd21e27ec843bfa25e], 

PUP.Optional.PlurPush.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82249076-D5C8-431D-982B-023779779587}, In Quarantäne, [6f7911169cdf59dd21e27ec843bfa25e], 

PUP.Optional.PriceGong.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [23c5c85f27541125d679d9932dd5a858], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 7

PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEU,&q={searchTerms}),Ersetzt,[29bf3fe8a8d3d75f0eadf9166e96f010]

PUP.Optional.Snapdo, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}),Ersetzt,[d711c95ecdaeba7cdb490c0df01449b7]

PUP.Optional.Snapdo, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKnd_5y-9vbkmZTZYQT3SrvtvPTq-Wp9Bai_-wydVin3sSkU0bfG18GgS6rb_B2Qo,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKnd_5y-9vbkmZTZYQT3SrvtvPTq-Wp9Bai_-wydVin3sSkU0bfG18GgS6rb_B2Qo,),Ersetzt,[7d6b55d280fb0e28ed38f920ea1a8e72]

PUP.Optional.Snapdo, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}),Ersetzt,[dc0c2601daa1ef47b56e65b4ed17926e]

PUP.Optional.Snapdo, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}),Ersetzt,[6b7dea3d1665e5512ef822f7d034a15f]

PUP.Optional.Snapdo, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}),Ersetzt,[a7410423166595a1fd2a03160afa748c]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-4089588110-1686190585-82104207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5hb0cgnKGL_o0V0UUEiYKBzAxfgCc_2SfHRG05Dpd7wi54X_Q0akJHTQ-QBh8yVLKkRyPtqkrpy1Q2n0Gwoghs0IPtKsxtVV7vGKIFooj6U8w-61pPaToeOvg5cfMlEI,&q={searchTerms}),Ersetzt,[52962dfa9ae12511dddf858a07fdb947]
 

Ordner: 5

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy\79C23119E28F4C99936FA5B4DC83387B, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3288691, In Quarantäne, [40a835f2681377bf9def9dba59a9fa06], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3297265, In Quarantäne, [7d6bd7504e2db680a4e8ce89e31fd828], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3297861, In Quarantäne, [7276af789cdf05313b51afa8ca3811ef], 
 

Dateien: 15

PUP.Optional.Babylon.A, C:\Users\frank\AppData\Local\Temp\is1070216317\DeltaTB.exe, In Quarantäne, [02e6ae79cbb0191d9565e717e7197f81], 

PUP.Optional.OutBrowse, C:\Users\frank\Downloads\setup.exe, In Quarantäne, [48a075b22f4c7eb8d6767a35897af60a], 

PUP.Optional.SmartBar, C:\Windows\Installer\MSIE8E0.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [14d4b770dc9f45f1d63eb47ad42c27d9], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [4a9eaf786a1194a21f2379100af9b54b], 

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy\79C23119E28F4C99936FA5B4DC83387B\2787.ico, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy\79C23119E28F4C99936FA5B4DC83387B\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy\79C23119E28F4C99936FA5B4DC83387B\Installer.exe, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.OpenCandy, C:\Users\frank\AppData\Roaming\OpenCandy\79C23119E28F4C99936FA5B4DC83387B\OCBrowserHelper_1.0.3.85.dll, In Quarantäne, [14d48d9a364544f269abcd8aec160ff1], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3288691\chromeid.txt, In Quarantäne, [40a835f2681377bf9def9dba59a9fa06], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3288691\setup.ini.txt, In Quarantäne, [40a835f2681377bf9def9dba59a9fa06], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [7d6bd7504e2db680a4e8ce89e31fd828], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3297861\chromeid.txt, In Quarantäne, [7276af789cdf05313b51afa8ca3811ef], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [7276af789cdf05313b51afa8ca3811ef], 

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}");), Ersetzt,[e206a87f7cfff73ff5c7cc78db296b95]

PUP.Optional.Conduit.A, C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=");), Ersetzt,[b830c85f176453e32f8e5be939cb7f81]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

und jrt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x86

Ran by frank on 09.04.2014 at  0:43:52,08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\frank\AppData\Roaming\mozilla\firefox\profiles\5qwtjodz.default\minidumps [136 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09.04.2014 at  0:46:14,49

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jetzt frst

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01

Ran by frank (administrator) on FRANK-PC on 13-04-2014 14:53:34

Running from C:\Users\frank\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

() C:\Program Files\Synology\Assistant\UsbClientService.exe

(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe

(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe

(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(DivX, LLC) C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(MAXA Research Int'l Inc.) C:\Program Files\MAXA Cookie Manager\Cookie.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-05-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-05-10] (Realtek Semiconductor)

HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)

HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)

HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe"

HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-05-10] (Synaptics Incorporated)

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)

HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Ashampoo HDD Control Guard] - C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe [4085080 2011-01-28] (Ashampoo Development GmbH & Co. KG)

HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1733120 2011-04-10] (Dominik Reichl)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [MSCS] - C:\Program Files\MAXA Cookie Manager\Cookie.exe [1036288 2011-01-29] (MAXA Research Int'l Inc.)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\MountPoints2: {4ba2377e-e6cb-11df-8b97-806e6f6e6963} - E:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com

SearchScopes: HKLM - DefaultScope value is missing.

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Dr.Web Anti-Virus Link Checker - C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2013-10-22]

FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-25]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-03]
 

========================== Services (Whitelisted) =================
 

S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [988216 2011-01-05] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-05] (Secunia)

R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()

R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)

S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2010-05-10] (DiBcom SA)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)

R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)

S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-13 14:53 - 2014-04-13 14:54 - 00014857 _____ () C:\Users\frank\Downloads\FRST.txt

2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\FRST

2014-04-12 21:46 - 2014-04-12 21:46 - 00010438 _____ () C:\Users\frank\Desktop\mbam.txt

2014-04-12 21:37 - 2014-04-12 21:37 - 00380416 _____ () C:\Users\frank\Downloads\yjilwuw7.exe

2014-04-12 21:36 - 2014-04-12 21:37 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST.exe

2014-04-12 21:35 - 2014-04-12 21:36 - 00050477 _____ () C:\Users\frank\Downloads\Defogger.exe

2014-04-12 21:32 - 2014-04-12 21:57 - 1866796298 _____ () C:\Users\frank\Downloads\Knight_and_Day_2014-04-11_2015_531608.mp4

2014-04-12 21:32 - 2014-04-12 21:52 - 1821480924 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-04-12_0050_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:19 - 1791525191 _____ () C:\Users\frank\Downloads\Black_Swan_2014-04-06_2225_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:19 - 1628904034 _____ () C:\Users\frank\Downloads\From_Dusk_Till_Dawn_2014-04-05_2300_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:18 - 1751121311 _____ () C:\Users\frank\Downloads\X_Men_Der_letzte_Widerstand_2014-04-04_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:15 - 1477338610 _____ () C:\Users\frank\Downloads\Flightplan_Ohne_jede_Spur_2014-03-26_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:10 - 1476713986 _____ () C:\Users\frank\Downloads\Dream_House_2014-04-05_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:07 - 1295836075 _____ () C:\Users\frank\Downloads\Jagdfieber_3_2014-04-06_1150_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:06 - 1412191860 _____ () C:\Users\frank\Downloads\Triff_die_Robinsons_2014-04-05_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:48 - 2444856222 _____ () C:\Users\frank\Downloads\Pirates_of_the_Caribbean_Fluch_der_Kar_2014-04-05_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:47 - 2138667568 _____ () C:\Users\frank\Downloads\Spider_Man_2_2014-03-31_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:46 - 2311963124 _____ () C:\Users\frank\Downloads\Fluch_der_Karibik_2014-03-29_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:34 - 1489497797 _____ () C:\Users\frank\Downloads\Spider_Man_2014-04-06_1520_531608.mp4

2014-04-09 21:48 - 2014-04-09 22:01 - 1412762013 _____ () C:\Users\frank\Downloads\Jagdfieber_2014-03-30_1335_531608.mp4

2014-04-09 21:45 - 2014-04-09 22:04 - 1652000589 _____ () C:\Users\frank\Downloads\Haben_Sie_das_von_den_Morgans_gehoert_2014-04-02_2015_531608.mp4

2014-04-09 20:57 - 2014-04-09 21:17 - 1681416386 _____ () C:\Users\frank\Downloads\Percy_Jackson_Diebe_im_Olymp_2014-03-23_1600_531608.mp4

2014-04-09 20:56 - 2014-04-09 21:17 - 1680793072 _____ () C:\Users\frank\Downloads\Das_Imperium_der_Woelfe_2014-03-22_2310_531608.mp4

2014-04-09 20:56 - 2014-04-09 21:14 - 1336478285 _____ () C:\Users\frank\Downloads\Underworld_Aufstand_der_Lykaner_2014-03-22_2225_531608.mp4

2014-04-09 00:46 - 2014-04-09 00:46 - 00000781 _____ () C:\Users\frank\Desktop\JRT.txt

2014-04-09 00:41 - 2014-04-09 00:41 - 00000000 ____D () C:\Windows\ERUNT

2014-04-09 00:05 - 2014-04-09 00:05 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT_6.1.4.exe

2014-04-09 00:04 - 2014-04-09 00:39 - 00000000 ____D () C:\AdwCleaner

2014-04-09 00:04 - 2014-04-09 00:04 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner3023.exe

2014-04-08 23:57 - 2014-04-12 21:43 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-08 23:57 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 23:57 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 23:57 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 23:53 - 2014-04-08 23:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\frank\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 23:30 - 2014-04-08 23:30 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-04-08 23:29 - 2014-04-08 23:30 - 00000000 ____D () C:\Program Files\QuickTime

2014-04-08 23:25 - 2014-04-08 23:26 - 41945432 _____ (Apple Inc.) C:\Users\frank\Downloads\QuickTimeInstaller.exe

2014-04-08 23:15 - 2014-04-08 23:15 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-08 23:00 - 2014-04-08 23:00 - 00240352 _____ () C:\Users\frank\Downloads\RemoveFakeAntivirus_1.97.exe

2014-04-08 22:39 - 2014-04-08 22:41 - 103920400 _____ (Microsoft Corporation) C:\Users\frank\Downloads\msert.exe

2014-04-03 21:45 - 2014-04-03 22:00 - 1105103744 _____ () C:\Users\frank\Downloads\Pocahontas_II_Reise_in_eine_neue_Welt_2014-03-21_2015_531608.mp4

2014-04-03 21:44 - 2014-04-03 22:01 - 1238022203 _____ () C:\Users\frank\Downloads\Fischen_Impossible_Eine_tierische_Rett_2014-03-23_1200_531608.mp4

2014-04-03 20:29 - 2014-04-03 20:56 - 2014585110 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-03-19_2220_531608.mp4

2014-04-03 20:29 - 2014-04-03 20:47 - 1485590699 _____ () C:\Users\frank\Downloads\An_ihrer_Seite_2014-03-18_2315_531608.mp4

2014-04-03 20:28 - 2014-04-03 20:57 - 2135299165 _____ () C:\Users\frank\Downloads\Die_Hebamme_2014-03-25_2015_531608.mp4

2014-04-03 20:23 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-04-03 19:41 - 2014-04-03 20:00 - 1481784666 _____ () C:\Users\frank\Downloads\Monster_House_2014-03-16_1205_531608.mp4

2014-04-03 19:41 - 2014-04-03 19:57 - 1241504555 _____ () C:\Users\frank\Downloads\Pocahontas_2014-03-14_2015_531608.mp4

2014-03-23 12:10 - 2014-03-23 12:27 - 1420533721 _____ () C:\Users\frank\Downloads\Alvin_und_die_Chipmunks_2_2014-03-09_1145_531608.mp4

2014-03-23 11:13 - 2014-03-23 11:43 - 1881727650 _____ () C:\Users\frank\Downloads\Prince_of_Persia_Der_Sand_der_Zeit_2014-03-07_2015_531608.mp4

2014-03-22 21:23 - 2014-03-22 21:23 - 00000216 _____ () C:\Users\frank\Desktop\DiskStation.URL

2014-03-22 14:37 - 2014-03-22 14:37 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-22 14:36 - 2014-03-22 14:37 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-22 14:36 - 2014-03-22 14:37 - 00000000 ____D () C:\Program Files\iTunes

2014-03-22 14:36 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iPod

2014-03-22 13:44 - 2014-03-22 14:11 - 1753724271 _____ () C:\Users\frank\Downloads\I_Robot_2014-03-06_2015_531608.mp4

2014-03-22 13:44 - 2014-03-22 14:01 - 1675981722 _____ () C:\Users\frank\Downloads\Little_Miss_Sunshine_2014-03-04_2015_531608.mp4

2014-03-22 12:53 - 2014-03-22 13:16 - 1547600962 _____ () C:\Users\frank\Downloads\Rocky_V_2014-02-24_0000_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:09 - 1571555112 _____ () C:\Users\frank\Downloads\Dennis_2014-03-01_1210_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:08 - 1545546072 _____ () C:\Users\frank\Downloads\Auf_der_anderen_Seite_2014-02-28_2015_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:07 - 1689451317 _____ () C:\Users\frank\Downloads\I_am_Legend_2014-03-02_2240_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:07 - 1290050486 _____ () C:\Users\frank\Downloads\Herr_Figo_auf_der_Suche_nach_dem_verlore_2014-02-28_1930_531608.mp4

2014-03-15 00:25 - 2014-03-15 00:32 - 00008284 _____ () C:\Windows\system32\eps_icon.avi
 

==================== One Month Modified Files and Folders =======
 

2014-04-13 14:54 - 2014-04-13 14:53 - 00014857 _____ () C:\Users\frank\Downloads\FRST.txt

2014-04-13 14:53 - 2014-04-13 14:53 - 00000000 ____D () C:\FRST

2014-04-13 14:22 - 2011-03-21 21:08 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-13 14:19 - 2012-04-30 23:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-13 14:11 - 2011-02-05 08:01 - 01754177 _____ () C:\Windows\WindowsUpdate.log

2014-04-13 14:00 - 2009-07-14 06:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-13 14:00 - 2009-07-14 06:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-13 13:53 - 2011-03-21 21:08 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-13 13:53 - 2011-03-13 21:29 - 00000000 ____D () C:\Users\frank\Tracing

2014-04-13 13:53 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-13 13:53 - 2009-07-14 06:39 - 00105504 _____ () C:\Windows\setupact.log

2014-04-12 21:57 - 2014-04-12 21:32 - 1866796298 _____ () C:\Users\frank\Downloads\Knight_and_Day_2014-04-11_2015_531608.mp4

2014-04-12 21:52 - 2014-04-12 21:32 - 1821480924 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-04-12_0050_531608.mp4

2014-04-12 21:46 - 2014-04-12 21:46 - 00010438 _____ () C:\Users\frank\Desktop\mbam.txt

2014-04-12 21:43 - 2014-04-08 23:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-12 21:37 - 2014-04-12 21:37 - 00380416 _____ () C:\Users\frank\Downloads\yjilwuw7.exe

2014-04-12 21:37 - 2014-04-12 21:36 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST.exe

2014-04-12 21:36 - 2014-04-12 21:35 - 00050477 _____ () C:\Users\frank\Downloads\Defogger.exe

2014-04-12 20:58 - 2011-02-05 12:18 - 00000000 ____D () C:\Users\frank\AppData\Roaming\Skype

2014-04-11 00:19 - 2014-04-10 21:58 - 1791525191 _____ () C:\Users\frank\Downloads\Black_Swan_2014-04-06_2225_531608.mp4

2014-04-11 00:19 - 2014-04-10 21:58 - 1628904034 _____ () C:\Users\frank\Downloads\From_Dusk_Till_Dawn_2014-04-05_2300_531608.mp4

2014-04-11 00:18 - 2014-04-10 21:58 - 1751121311 _____ () C:\Users\frank\Downloads\X_Men_Der_letzte_Widerstand_2014-04-04_2015_531608.mp4

2014-04-11 00:15 - 2014-04-10 21:58 - 1477338610 _____ () C:\Users\frank\Downloads\Flightplan_Ohne_jede_Spur_2014-03-26_2015_531608.mp4

2014-04-11 00:10 - 2014-04-10 21:58 - 1476713986 _____ () C:\Users\frank\Downloads\Dream_House_2014-04-05_2015_531608.mp4

2014-04-11 00:07 - 2014-04-10 21:58 - 1295836075 _____ () C:\Users\frank\Downloads\Jagdfieber_3_2014-04-06_1150_531608.mp4

2014-04-11 00:06 - 2014-04-10 21:58 - 1412191860 _____ () C:\Users\frank\Downloads\Triff_die_Robinsons_2014-04-05_2015_531608.mp4

2014-04-10 17:48 - 2014-04-10 17:16 - 2444856222 _____ () C:\Users\frank\Downloads\Pirates_of_the_Caribbean_Fluch_der_Kar_2014-04-05_2015_531608.mp4

2014-04-10 17:47 - 2014-04-10 17:16 - 2138667568 _____ () C:\Users\frank\Downloads\Spider_Man_2_2014-03-31_2015_531608.mp4

2014-04-10 17:46 - 2014-04-10 17:16 - 2311963124 _____ () C:\Users\frank\Downloads\Fluch_der_Karibik_2014-03-29_2015_531608.mp4

2014-04-10 17:34 - 2014-04-10 17:16 - 1489497797 _____ () C:\Users\frank\Downloads\Spider_Man_2014-04-06_1520_531608.mp4

2014-04-09 22:04 - 2014-04-09 21:45 - 1652000589 _____ () C:\Users\frank\Downloads\Haben_Sie_das_von_den_Morgans_gehoert_2014-04-02_2015_531608.mp4

2014-04-09 22:01 - 2014-04-09 21:48 - 1412762013 _____ () C:\Users\frank\Downloads\Jagdfieber_2014-03-30_1335_531608.mp4

2014-04-09 21:17 - 2014-04-09 20:57 - 1681416386 _____ () C:\Users\frank\Downloads\Percy_Jackson_Diebe_im_Olymp_2014-03-23_1600_531608.mp4

2014-04-09 21:17 - 2014-04-09 20:56 - 1680793072 _____ () C:\Users\frank\Downloads\Das_Imperium_der_Woelfe_2014-03-22_2310_531608.mp4

2014-04-09 21:14 - 2014-04-09 20:56 - 1336478285 _____ () C:\Users\frank\Downloads\Underworld_Aufstand_der_Lykaner_2014-03-22_2225_531608.mp4

2014-04-09 00:46 - 2014-04-09 00:46 - 00000781 _____ () C:\Users\frank\Desktop\JRT.txt

2014-04-09 00:41 - 2014-04-09 00:41 - 00000000 ____D () C:\Windows\ERUNT

2014-04-09 00:39 - 2014-04-09 00:04 - 00000000 ____D () C:\AdwCleaner

2014-04-09 00:29 - 2011-03-17 22:52 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-04-09 00:24 - 2010-08-19 21:44 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-09 00:19 - 2010-08-20 10:20 - 00047430 _____ () C:\Windows\PFRO.log

2014-04-09 00:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas

2014-04-09 00:05 - 2014-04-09 00:05 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT_6.1.4.exe

2014-04-09 00:04 - 2014-04-09 00:04 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner3023.exe

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-08 23:53 - 2014-04-08 23:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\frank\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 23:36 - 2011-02-22 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-08 23:35 - 2013-08-14 22:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-08 23:33 - 2010-08-20 18:48 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-08 23:30 - 2014-04-08 23:30 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-04-08 23:30 - 2014-04-08 23:29 - 00000000 ____D () C:\Program Files\QuickTime

2014-04-08 23:26 - 2014-04-08 23:25 - 41945432 _____ (Apple Inc.) C:\Users\frank\Downloads\QuickTimeInstaller.exe

2014-04-08 23:18 - 2011-02-10 22:20 - 00000000 ____D () C:\Users\frank\AppData\Local\Adobe

2014-04-08 23:17 - 2012-04-30 23:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-04-08 23:17 - 2011-07-26 21:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-04-08 23:15 - 2014-04-08 23:15 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-08 23:15 - 2011-07-25 21:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-04-08 23:15 - 2010-08-20 11:30 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-08 23:15 - 2010-08-20 11:29 - 00000000 ____D () C:\Program Files\Adobe

2014-04-08 23:00 - 2014-04-08 23:00 - 00240352 _____ () C:\Users\frank\Downloads\RemoveFakeAntivirus_1.97.exe

2014-04-08 22:41 - 2014-04-08 22:39 - 103920400 _____ (Microsoft Corporation) C:\Users\frank\Downloads\msert.exe

2014-04-08 20:48 - 2012-04-30 22:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-04-03 23:29 - 2011-07-25 20:53 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-04-03 23:28 - 2011-07-25 20:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-03 22:01 - 2014-04-03 21:44 - 1238022203 _____ () C:\Users\frank\Downloads\Fischen_Impossible_Eine_tierische_Rett_2014-03-23_1200_531608.mp4

2014-04-03 22:00 - 2014-04-03 21:45 - 1105103744 _____ () C:\Users\frank\Downloads\Pocahontas_II_Reise_in_eine_neue_Welt_2014-03-21_2015_531608.mp4

2014-04-03 20:57 - 2014-04-03 20:28 - 2135299165 _____ () C:\Users\frank\Downloads\Die_Hebamme_2014-03-25_2015_531608.mp4

2014-04-03 20:56 - 2014-04-03 20:29 - 2014585110 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-03-19_2220_531608.mp4

2014-04-03 20:47 - 2014-04-03 20:29 - 1485590699 _____ () C:\Users\frank\Downloads\An_ihrer_Seite_2014-03-18_2315_531608.mp4

2014-04-03 20:24 - 2014-04-03 20:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-04-03 20:00 - 2014-04-03 19:41 - 1481784666 _____ () C:\Users\frank\Downloads\Monster_House_2014-03-16_1205_531608.mp4

2014-04-03 19:57 - 2014-04-03 19:41 - 1241504555 _____ () C:\Users\frank\Downloads\Pocahontas_2014-03-14_2015_531608.mp4

2014-04-03 09:51 - 2014-04-08 23:57 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 23:57 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 23:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-23 22:29 - 2011-07-24 20:27 - 00000000 ____D () C:\Users\frank\AppData\Roaming\streamWriter

2014-03-23 12:27 - 2014-03-23 12:10 - 1420533721 _____ () C:\Users\frank\Downloads\Alvin_und_die_Chipmunks_2_2014-03-09_1145_531608.mp4

2014-03-23 11:43 - 2014-03-23 11:13 - 1881727650 _____ () C:\Users\frank\Downloads\Prince_of_Persia_Der_Sand_der_Zeit_2014-03-07_2015_531608.mp4

2014-03-22 21:23 - 2014-03-22 21:23 - 00000216 _____ () C:\Users\frank\Desktop\DiskStation.URL

2014-03-22 14:37 - 2014-03-22 14:37 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-22 14:37 - 2014-03-22 14:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-22 14:37 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iTunes

2014-03-22 14:36 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iPod

2014-03-22 14:36 - 2014-02-04 11:30 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-03-22 14:11 - 2014-03-22 13:44 - 1753724271 _____ () C:\Users\frank\Downloads\I_Robot_2014-03-06_2015_531608.mp4

2014-03-22 14:01 - 2014-03-22 13:44 - 1675981722 _____ () C:\Users\frank\Downloads\Little_Miss_Sunshine_2014-03-04_2015_531608.mp4

2014-03-22 13:31 - 2011-02-08 22:35 - 00000000 ____D () C:\Users\frank\Documents\Frank

2014-03-22 13:16 - 2014-03-22 12:53 - 1547600962 _____ () C:\Users\frank\Downloads\Rocky_V_2014-02-24_0000_531608.mp4

2014-03-22 11:09 - 2014-03-22 10:46 - 1571555112 _____ () C:\Users\frank\Downloads\Dennis_2014-03-01_1210_531608.mp4

2014-03-22 11:08 - 2014-03-22 10:46 - 1545546072 _____ () C:\Users\frank\Downloads\Auf_der_anderen_Seite_2014-02-28_2015_531608.mp4

2014-03-22 11:07 - 2014-03-22 10:46 - 1689451317 _____ () C:\Users\frank\Downloads\I_am_Legend_2014-03-02_2240_531608.mp4

2014-03-22 11:07 - 2014-03-22 10:46 - 1290050486 _____ () C:\Users\frank\Downloads\Herr_Figo_auf_der_Suche_nach_dem_verlore_2014-02-28_1930_531608.mp4

2014-03-15 21:23 - 2012-04-15 15:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2014-03-15 16:39 - 2010-08-26 16:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-15 00:34 - 2011-05-15 20:30 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-03-15 00:32 - 2014-03-15 00:25 - 00008284 _____ () C:\Windows\system32\eps_icon.avi

2014-03-15 00:32 - 2011-05-15 20:31 - 00000093 _____ () C:\Windows\EPSMTL32.TXT

2014-03-15 00:26 - 2011-05-15 20:31 - 00312555 _____ () C:\Windows\EPSTPLOG.BAK

2014-03-14 22:39 - 2014-03-04 20:29 - 00000000 ____D () C:\Program Files\Steuer 2013

2014-03-14 22:39 - 2012-04-15 15:07 - 00000714 _____ () C:\Windows\wiso.ini
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-09 20:06
 

==================== End Of Log ============================

--- --- ---

und noch die addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014 01

Ran by frank at 2014-04-13 14:54:43

Running from C:\Users\frank\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

abylon KEYSAFE 7.3 (Adv. - Privatlizenz) (HKLM\...\abylonprotectionmanagersafe_is1) (Version: 7.3 - abylonsoft)

AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)

Any DVD Cloner Platinum 1.0.7 (HKLM\...\Any DVD Cloner Platinum_is1) (Version:  - any-dvd-cloner.com)

Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ashampoo Burning Studio 2012 v10.0.15 (HKLM\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)

Ashampoo HDD Control 1.12 (HKLM\...\Ashampoo HDD Control_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)

Ashampoo Photo Commander 8 v.8.4.0 (HKLM\...\Ashampoo Photo Commander 8_is1) (Version: 8.4.0 - ashampoo GmbH & Co. KG)

Ashampoo Registry Cleaner v.1.00 (HKLM\...\Ashampoo Registry Cleaner_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)

Ashampoo Slideshow Studio Elements 2.0.1 (HKLM\...\Ashampoo Slideshow Studio Elements_is1) (Version: 2.0.1 - ashampoo GmbH & Co. KG)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

CloneDVD2OEM (HKLM\...\CloneDVD2OEM) (Version:  - Elaborate Bytes)

CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden

CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)

CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden

CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)

CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden

CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)

CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden

CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)

CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden

CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)

CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)

CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)

DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)

EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )

EPSON Easy Photo Print (HKLM\...\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}) (Version: 1.2.3.0 - )

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )

EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )

ESDX4000_4050_CX3900 (HKLM\...\ESDX4000_4050_CX3900) (Version:  - )

Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.2.3.1219 - DVDVideoSoft Ltd.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation)

Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

InterActual Player (HKLM\...\InterActual Player) (Version:  - )

Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)

iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

KeePass Password Safe 2.15 (HKLM\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)

Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.)

Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)

Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

MAXA Cookie Manager Pro 4.2 (HKLM\...\MAXA Cookie Manager_is1) (Version:  - MAXA)

Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)

Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden

Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 0.16 - MusicBrainz)

NAVIGON Fresh 3.3.1 (HKLM\...\NAVIGON Fresh) (Version: 3.3.1 - NAVIGON)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.1.0 - Frank Heindörfer, Philip Chinery)

PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )

PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Python 2.7.6 (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)

Secunia PSI (2.0.0.2001) (HKLM\...\Secunia PSI) (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SopCast 3.4.0 (HKLM\...\SopCast) (Version: 3.4.0 - www.sopcast.com)

Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)

Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)

streamWriter (HKLM\...\streamWriter_is1) (Version:  - )

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)

Synology Assistant (remove only) (HKLM\...\Synology Assistant) (Version:  - )

TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)

TiltShift (HKLM\...\{6D80B6D8-C7FC-C635-B3D2-1DFE9BEE890D}) (Version: 1.60 - UNKNOWN)

Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)

Wondershare Photo Collage Studio 4.2.9.2 (HKLM\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.9.2 - Wondershare Software Co.,Ltd.)

X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )

Zoner Photo Studio 12 (HKLM\...\ZonerPhotoStudio12_DE_is1) (Version: 12.0.1.10 - ZONER software)
 

==================== Restore Points  =========================
 

12-04-2014 05:56:22 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {24342BAE-E48F-4F96-96D4-81D166FD127D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-21] (Google Inc.)

Task: {6EEC016D-402A-4FF4-A905-4565645F17F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {75169C46-9EFB-4D68-892F-C761A8C0543D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {8D17F9AC-1C18-4BD6-A269-0A13580A0E28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08] (Adobe Systems Incorporated)

Task: {94706F9A-006D-415E-A7C2-9608F2213F3D} - System32\Tasks\{27DC5BCA-FF93-41C5-914E-9BED96853C2C} => C:\Program Files\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)

Task: {95908C98-6B06-4754-AA1F-4F9E36783AAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-21] (Google Inc.)

Task: {A78D9909-8657-41D8-9988-3ADB1D3BE407} - System32\Tasks\{FD541F70-E03B-4DEA-8207-652E695D2CB8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsChrome&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault

Task: {DD250A89-E5D1-444E-85BB-3B4D3EDAE806} - System32\Tasks\{B1404C7B-1EAB-4354-A15B-1DE91E57BCF6} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-03-17 22:48 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-04-30 05:47 - 2013-04-30 05:47 - 00248704 _____ () C:\Program Files\Synology\Assistant\UsbClientService.exe

2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

2013-09-11 05:08 - 2013-09-11 05:08 - 01392640 _____ () C:\Program Files\DivX\DivX Media Server\DivXDLNATranscoder.dll

2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe

2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

2011-07-25 22:03 - 2007-04-28 23:49 - 00194560 _____ () C:\Program Files\MAXA Cookie Manager\sqlite3_engine.dll

2014-04-03 20:23 - 2014-04-03 20:24 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2013-02-07 00:19 - 2013-02-07 00:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll

2010-08-19 22:24 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:B946D9EE
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (04/10/2014 06:42:41 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2011-06-04 15:11:32.663

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-06-02 22:04:11.603

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-06-02 21:29:14.218

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-06-01 22:16:19.914

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-06-01 21:56:28.323

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-06-01 21:47:21.385

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-29 10:21:34.810

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-26 20:44:31.859

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-26 15:44:44.411

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-05-25 21:54:42.575

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_004\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 45%

Total physical RAM: 2934.6 MB

Available physical RAM: 1602.44 MB

Total Pagefile: 5867.48 MB

Available Pagefile: 4204.51 MB

Total Virtual: 2047.88 MB

Available Virtual: 1883.46 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:256.99 GB) (Free:52.99 GB) NTFS

Drive d: (Recover) (Fixed) (Total:40 GB) (Free:18.68 GB) NTFS

Drive f: () (Removable) (Total:0.95 GB) (Free:0.78 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 7922D90F)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=257 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 

========================================================

Disk: 1 (Size: 972 MB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Ok, da sind sie.

adwCleaner

Code:

# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 16:19:02

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium  (32 bits)

# Benutzername : frank - FRANK-PC

# Gestartet von : C:\Users\frank\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7600.17267
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [43640 octets] - [09/04/2014 00:23:34]

AdwCleaner[R1].txt - [42502 octets] - [09/04/2014 00:30:33]

AdwCleaner[R2].txt - [1037 octets] - [09/04/2014 00:38:56]

AdwCleaner[R3].txt - [1094 octets] - [13/04/2014 16:17:41]

AdwCleaner[S0].txt - [1377 octets] - [09/04/2014 00:29:07]

AdwCleaner[S1].txt - [42564 octets] - [09/04/2014 00:34:32]

AdwCleaner[S2].txt - [1016 octets] - [13/04/2014 16:19:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1076 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x86

Ran by frank on 13.04.2014 at 16:26:51,06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\frank\AppData\Roaming\mozilla\firefox\profiles\5qwtjodz.default\minidumps [1 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13.04.2014 at 16:28:50,05

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und das neue frst

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01

Ran by frank (administrator) on FRANK-PC on 13-04-2014 16:37:30

Running from C:\Users\frank\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

() C:\Program Files\Synology\Assistant\UsbClientService.exe

(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe

(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe

(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(DivX, LLC) C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(MAXA Research Int'l Inc.) C:\Program Files\MAXA Cookie Manager\Cookie.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Farbar) C:\Users\frank\Downloads\FRST(1).exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-05-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-05-10] (Realtek Semiconductor)

HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)

HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)

HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe"

HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-05-10] (Synaptics Incorporated)

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)

HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Ashampoo HDD Control Guard] - C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe [4085080 2011-01-28] (Ashampoo Development GmbH & Co. KG)

HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1733120 2011-04-10] (Dominik Reichl)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [MSCS] - C:\Program Files\MAXA Cookie Manager\Cookie.exe [1036288 2011-01-29] (MAXA Research Int'l Inc.)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKU\S-1-5-21-4089588110-1686190585-82104207-1000\...\MountPoints2: {4ba2377e-e6cb-11df-8b97-806e6f6e6963} - E:\_SETIMG\EPSSWT.EXE /NODISP:"ALL" /NOWIZ:"..\EPSETUP.EXE" /ST:"3500,WIN98,WINME"

Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com

SearchScopes: HKLM - DefaultScope value is missing.

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Dr.Web Anti-Virus Link Checker - C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2013-10-22]

FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\5qwtjodz.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-25]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-03]
 

========================== Services (Whitelisted) =================
 

S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [988216 2011-01-05] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-05] (Secunia)

R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()

R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)

S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2010-05-10] (DiBcom SA)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)

R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)

S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-13 16:35 - 2014-04-13 16:37 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST(1).exe

2014-04-13 16:28 - 2014-04-13 16:28 - 00000779 _____ () C:\Users\frank\Desktop\JRT.txt

2014-04-13 16:23 - 2014-04-13 16:23 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT.exe

2014-04-13 16:15 - 2014-04-13 16:15 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner.exe

2014-04-13 14:54 - 2014-04-13 14:55 - 00031368 _____ () C:\Users\frank\Downloads\Addition.txt

2014-04-13 14:53 - 2014-04-13 16:37 - 00014748 _____ () C:\Users\frank\Downloads\FRST.txt

2014-04-13 14:53 - 2014-04-13 16:37 - 00000000 ____D () C:\FRST

2014-04-12 21:46 - 2014-04-12 21:46 - 00010438 _____ () C:\Users\frank\Desktop\mbam.txt

2014-04-12 21:37 - 2014-04-12 21:37 - 00380416 _____ () C:\Users\frank\Downloads\yjilwuw7.exe

2014-04-12 21:36 - 2014-04-12 21:37 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST.exe

2014-04-12 21:35 - 2014-04-12 21:36 - 00050477 _____ () C:\Users\frank\Downloads\Defogger.exe

2014-04-12 21:32 - 2014-04-12 21:57 - 1866796298 _____ () C:\Users\frank\Downloads\Knight_and_Day_2014-04-11_2015_531608.mp4

2014-04-12 21:32 - 2014-04-12 21:52 - 1821480924 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-04-12_0050_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:19 - 1791525191 _____ () C:\Users\frank\Downloads\Black_Swan_2014-04-06_2225_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:19 - 1628904034 _____ () C:\Users\frank\Downloads\From_Dusk_Till_Dawn_2014-04-05_2300_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:18 - 1751121311 _____ () C:\Users\frank\Downloads\X_Men_Der_letzte_Widerstand_2014-04-04_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:15 - 1477338610 _____ () C:\Users\frank\Downloads\Flightplan_Ohne_jede_Spur_2014-03-26_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:10 - 1476713986 _____ () C:\Users\frank\Downloads\Dream_House_2014-04-05_2015_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:07 - 1295836075 _____ () C:\Users\frank\Downloads\Jagdfieber_3_2014-04-06_1150_531608.mp4

2014-04-10 21:58 - 2014-04-11 00:06 - 1412191860 _____ () C:\Users\frank\Downloads\Triff_die_Robinsons_2014-04-05_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:48 - 2444856222 _____ () C:\Users\frank\Downloads\Pirates_of_the_Caribbean_Fluch_der_Kar_2014-04-05_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:47 - 2138667568 _____ () C:\Users\frank\Downloads\Spider_Man_2_2014-03-31_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:46 - 2311963124 _____ () C:\Users\frank\Downloads\Fluch_der_Karibik_2014-03-29_2015_531608.mp4

2014-04-10 17:16 - 2014-04-10 17:34 - 1489497797 _____ () C:\Users\frank\Downloads\Spider_Man_2014-04-06_1520_531608.mp4

2014-04-09 21:48 - 2014-04-09 22:01 - 1412762013 _____ () C:\Users\frank\Downloads\Jagdfieber_2014-03-30_1335_531608.mp4

2014-04-09 21:45 - 2014-04-09 22:04 - 1652000589 _____ () C:\Users\frank\Downloads\Haben_Sie_das_von_den_Morgans_gehoert_2014-04-02_2015_531608.mp4

2014-04-09 20:57 - 2014-04-09 21:17 - 1681416386 _____ () C:\Users\frank\Downloads\Percy_Jackson_Diebe_im_Olymp_2014-03-23_1600_531608.mp4

2014-04-09 20:56 - 2014-04-09 21:17 - 1680793072 _____ () C:\Users\frank\Downloads\Das_Imperium_der_Woelfe_2014-03-22_2310_531608.mp4

2014-04-09 20:56 - 2014-04-09 21:14 - 1336478285 _____ () C:\Users\frank\Downloads\Underworld_Aufstand_der_Lykaner_2014-03-22_2225_531608.mp4

2014-04-09 00:41 - 2014-04-09 00:41 - 00000000 ____D () C:\Windows\ERUNT

2014-04-09 00:05 - 2014-04-09 00:05 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT_6.1.4.exe

2014-04-09 00:04 - 2014-04-13 16:19 - 00000000 ____D () C:\AdwCleaner

2014-04-09 00:04 - 2014-04-09 00:04 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner3023.exe

2014-04-08 23:57 - 2014-04-12 21:43 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-08 23:57 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 23:57 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 23:57 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 23:53 - 2014-04-08 23:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\frank\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 23:30 - 2014-04-08 23:30 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-04-08 23:29 - 2014-04-08 23:30 - 00000000 ____D () C:\Program Files\QuickTime

2014-04-08 23:25 - 2014-04-08 23:26 - 41945432 _____ (Apple Inc.) C:\Users\frank\Downloads\QuickTimeInstaller.exe

2014-04-08 23:15 - 2014-04-08 23:15 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-08 23:00 - 2014-04-08 23:00 - 00240352 _____ () C:\Users\frank\Downloads\RemoveFakeAntivirus_1.97.exe

2014-04-08 22:39 - 2014-04-08 22:41 - 103920400 _____ (Microsoft Corporation) C:\Users\frank\Downloads\msert.exe

2014-04-03 21:45 - 2014-04-03 22:00 - 1105103744 _____ () C:\Users\frank\Downloads\Pocahontas_II_Reise_in_eine_neue_Welt_2014-03-21_2015_531608.mp4

2014-04-03 21:44 - 2014-04-03 22:01 - 1238022203 _____ () C:\Users\frank\Downloads\Fischen_Impossible_Eine_tierische_Rett_2014-03-23_1200_531608.mp4

2014-04-03 20:29 - 2014-04-03 20:56 - 2014585110 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-03-19_2220_531608.mp4

2014-04-03 20:29 - 2014-04-03 20:47 - 1485590699 _____ () C:\Users\frank\Downloads\An_ihrer_Seite_2014-03-18_2315_531608.mp4

2014-04-03 20:28 - 2014-04-03 20:57 - 2135299165 _____ () C:\Users\frank\Downloads\Die_Hebamme_2014-03-25_2015_531608.mp4

2014-04-03 20:23 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-04-03 19:41 - 2014-04-03 20:00 - 1481784666 _____ () C:\Users\frank\Downloads\Monster_House_2014-03-16_1205_531608.mp4

2014-04-03 19:41 - 2014-04-03 19:57 - 1241504555 _____ () C:\Users\frank\Downloads\Pocahontas_2014-03-14_2015_531608.mp4

2014-03-23 12:10 - 2014-03-23 12:27 - 1420533721 _____ () C:\Users\frank\Downloads\Alvin_und_die_Chipmunks_2_2014-03-09_1145_531608.mp4

2014-03-23 11:13 - 2014-03-23 11:43 - 1881727650 _____ () C:\Users\frank\Downloads\Prince_of_Persia_Der_Sand_der_Zeit_2014-03-07_2015_531608.mp4

2014-03-22 21:23 - 2014-03-22 21:23 - 00000216 _____ () C:\Users\frank\Desktop\DiskStation.URL

2014-03-22 14:37 - 2014-03-22 14:37 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-22 14:36 - 2014-03-22 14:37 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-22 14:36 - 2014-03-22 14:37 - 00000000 ____D () C:\Program Files\iTunes

2014-03-22 14:36 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iPod

2014-03-22 13:44 - 2014-03-22 14:11 - 1753724271 _____ () C:\Users\frank\Downloads\I_Robot_2014-03-06_2015_531608.mp4

2014-03-22 13:44 - 2014-03-22 14:01 - 1675981722 _____ () C:\Users\frank\Downloads\Little_Miss_Sunshine_2014-03-04_2015_531608.mp4

2014-03-22 12:53 - 2014-03-22 13:16 - 1547600962 _____ () C:\Users\frank\Downloads\Rocky_V_2014-02-24_0000_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:09 - 1571555112 _____ () C:\Users\frank\Downloads\Dennis_2014-03-01_1210_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:08 - 1545546072 _____ () C:\Users\frank\Downloads\Auf_der_anderen_Seite_2014-02-28_2015_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:07 - 1689451317 _____ () C:\Users\frank\Downloads\I_am_Legend_2014-03-02_2240_531608.mp4

2014-03-22 10:46 - 2014-03-22 11:07 - 1290050486 _____ () C:\Users\frank\Downloads\Herr_Figo_auf_der_Suche_nach_dem_verlore_2014-02-28_1930_531608.mp4

2014-03-15 00:25 - 2014-03-15 00:32 - 00008284 _____ () C:\Windows\system32\eps_icon.avi
 

==================== One Month Modified Files and Folders =======
 

2014-04-13 16:38 - 2014-04-13 14:53 - 00014748 _____ () C:\Users\frank\Downloads\FRST.txt

2014-04-13 16:37 - 2014-04-13 16:35 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST(1).exe

2014-04-13 16:37 - 2014-04-13 14:53 - 00000000 ____D () C:\FRST

2014-04-13 16:33 - 2009-07-14 06:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-13 16:33 - 2009-07-14 06:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-13 16:29 - 2011-02-05 08:01 - 01763310 _____ () C:\Windows\WindowsUpdate.log

2014-04-13 16:28 - 2014-04-13 16:28 - 00000779 _____ () C:\Users\frank\Desktop\JRT.txt

2014-04-13 16:26 - 2011-03-21 21:08 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-13 16:26 - 2011-03-13 21:29 - 00000000 ____D () C:\Users\frank\Tracing

2014-04-13 16:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-13 16:26 - 2009-07-14 06:39 - 00105616 _____ () C:\Windows\setupact.log

2014-04-13 16:23 - 2014-04-13 16:23 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT.exe

2014-04-13 16:22 - 2011-03-21 21:08 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-13 16:21 - 2011-02-05 12:18 - 00000000 ____D () C:\Users\frank\AppData\Roaming\Skype

2014-04-13 16:19 - 2014-04-09 00:04 - 00000000 ____D () C:\AdwCleaner

2014-04-13 16:19 - 2012-04-30 23:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-13 16:15 - 2014-04-13 16:15 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner.exe

2014-04-13 14:55 - 2014-04-13 14:54 - 00031368 _____ () C:\Users\frank\Downloads\Addition.txt

2014-04-12 21:57 - 2014-04-12 21:32 - 1866796298 _____ () C:\Users\frank\Downloads\Knight_and_Day_2014-04-11_2015_531608.mp4

2014-04-12 21:52 - 2014-04-12 21:32 - 1821480924 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-04-12_0050_531608.mp4

2014-04-12 21:46 - 2014-04-12 21:46 - 00010438 _____ () C:\Users\frank\Desktop\mbam.txt

2014-04-12 21:43 - 2014-04-08 23:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-12 21:37 - 2014-04-12 21:37 - 00380416 _____ () C:\Users\frank\Downloads\yjilwuw7.exe

2014-04-12 21:37 - 2014-04-12 21:36 - 01145856 _____ (Farbar) C:\Users\frank\Downloads\FRST.exe

2014-04-12 21:36 - 2014-04-12 21:35 - 00050477 _____ () C:\Users\frank\Downloads\Defogger.exe

2014-04-11 00:19 - 2014-04-10 21:58 - 1791525191 _____ () C:\Users\frank\Downloads\Black_Swan_2014-04-06_2225_531608.mp4

2014-04-11 00:19 - 2014-04-10 21:58 - 1628904034 _____ () C:\Users\frank\Downloads\From_Dusk_Till_Dawn_2014-04-05_2300_531608.mp4

2014-04-11 00:18 - 2014-04-10 21:58 - 1751121311 _____ () C:\Users\frank\Downloads\X_Men_Der_letzte_Widerstand_2014-04-04_2015_531608.mp4

2014-04-11 00:15 - 2014-04-10 21:58 - 1477338610 _____ () C:\Users\frank\Downloads\Flightplan_Ohne_jede_Spur_2014-03-26_2015_531608.mp4

2014-04-11 00:10 - 2014-04-10 21:58 - 1476713986 _____ () C:\Users\frank\Downloads\Dream_House_2014-04-05_2015_531608.mp4

2014-04-11 00:07 - 2014-04-10 21:58 - 1295836075 _____ () C:\Users\frank\Downloads\Jagdfieber_3_2014-04-06_1150_531608.mp4

2014-04-11 00:06 - 2014-04-10 21:58 - 1412191860 _____ () C:\Users\frank\Downloads\Triff_die_Robinsons_2014-04-05_2015_531608.mp4

2014-04-10 17:48 - 2014-04-10 17:16 - 2444856222 _____ () C:\Users\frank\Downloads\Pirates_of_the_Caribbean_Fluch_der_Kar_2014-04-05_2015_531608.mp4

2014-04-10 17:47 - 2014-04-10 17:16 - 2138667568 _____ () C:\Users\frank\Downloads\Spider_Man_2_2014-03-31_2015_531608.mp4

2014-04-10 17:46 - 2014-04-10 17:16 - 2311963124 _____ () C:\Users\frank\Downloads\Fluch_der_Karibik_2014-03-29_2015_531608.mp4

2014-04-10 17:34 - 2014-04-10 17:16 - 1489497797 _____ () C:\Users\frank\Downloads\Spider_Man_2014-04-06_1520_531608.mp4

2014-04-09 22:04 - 2014-04-09 21:45 - 1652000589 _____ () C:\Users\frank\Downloads\Haben_Sie_das_von_den_Morgans_gehoert_2014-04-02_2015_531608.mp4

2014-04-09 22:01 - 2014-04-09 21:48 - 1412762013 _____ () C:\Users\frank\Downloads\Jagdfieber_2014-03-30_1335_531608.mp4

2014-04-09 21:17 - 2014-04-09 20:57 - 1681416386 _____ () C:\Users\frank\Downloads\Percy_Jackson_Diebe_im_Olymp_2014-03-23_1600_531608.mp4

2014-04-09 21:17 - 2014-04-09 20:56 - 1680793072 _____ () C:\Users\frank\Downloads\Das_Imperium_der_Woelfe_2014-03-22_2310_531608.mp4

2014-04-09 21:14 - 2014-04-09 20:56 - 1336478285 _____ () C:\Users\frank\Downloads\Underworld_Aufstand_der_Lykaner_2014-03-22_2225_531608.mp4

2014-04-09 00:41 - 2014-04-09 00:41 - 00000000 ____D () C:\Windows\ERUNT

2014-04-09 00:29 - 2011-03-17 22:52 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-04-09 00:24 - 2010-08-19 21:44 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-09 00:19 - 2010-08-20 10:20 - 00047430 _____ () C:\Windows\PFRO.log

2014-04-09 00:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas

2014-04-09 00:05 - 2014-04-09 00:05 - 01016261 _____ (Thisisu) C:\Users\frank\Downloads\JRT_6.1.4.exe

2014-04-09 00:04 - 2014-04-09 00:04 - 01426178 _____ () C:\Users\frank\Downloads\adwcleaner3023.exe

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 23:57 - 2014-04-08 23:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-08 23:53 - 2014-04-08 23:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\frank\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-08 23:36 - 2011-02-22 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-08 23:35 - 2013-08-14 22:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-08 23:33 - 2010-08-20 18:48 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-08 23:30 - 2014-04-08 23:30 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-04-08 23:30 - 2014-04-08 23:29 - 00000000 ____D () C:\Program Files\QuickTime

2014-04-08 23:26 - 2014-04-08 23:25 - 41945432 _____ (Apple Inc.) C:\Users\frank\Downloads\QuickTimeInstaller.exe

2014-04-08 23:18 - 2011-02-10 22:20 - 00000000 ____D () C:\Users\frank\AppData\Local\Adobe

2014-04-08 23:17 - 2012-04-30 23:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-04-08 23:17 - 2011-07-26 21:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-04-08 23:15 - 2014-04-08 23:15 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-08 23:15 - 2011-07-25 21:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-04-08 23:15 - 2010-08-20 11:30 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-08 23:15 - 2010-08-20 11:29 - 00000000 ____D () C:\Program Files\Adobe

2014-04-08 23:00 - 2014-04-08 23:00 - 00240352 _____ () C:\Users\frank\Downloads\RemoveFakeAntivirus_1.97.exe

2014-04-08 22:41 - 2014-04-08 22:39 - 103920400 _____ (Microsoft Corporation) C:\Users\frank\Downloads\msert.exe

2014-04-08 20:48 - 2012-04-30 22:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-04-03 23:29 - 2011-07-25 20:53 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-04-03 23:28 - 2011-07-25 20:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-03 22:01 - 2014-04-03 21:44 - 1238022203 _____ () C:\Users\frank\Downloads\Fischen_Impossible_Eine_tierische_Rett_2014-03-23_1200_531608.mp4

2014-04-03 22:00 - 2014-04-03 21:45 - 1105103744 _____ () C:\Users\frank\Downloads\Pocahontas_II_Reise_in_eine_neue_Welt_2014-03-21_2015_531608.mp4

2014-04-03 20:57 - 2014-04-03 20:28 - 2135299165 _____ () C:\Users\frank\Downloads\Die_Hebamme_2014-03-25_2015_531608.mp4

2014-04-03 20:56 - 2014-04-03 20:29 - 2014585110 _____ () C:\Users\frank\Downloads\Die_Fremde_in_dir_2014-03-19_2220_531608.mp4

2014-04-03 20:47 - 2014-04-03 20:29 - 1485590699 _____ () C:\Users\frank\Downloads\An_ihrer_Seite_2014-03-18_2315_531608.mp4

2014-04-03 20:24 - 2014-04-03 20:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-04-03 20:00 - 2014-04-03 19:41 - 1481784666 _____ () C:\Users\frank\Downloads\Monster_House_2014-03-16_1205_531608.mp4

2014-04-03 19:57 - 2014-04-03 19:41 - 1241504555 _____ () C:\Users\frank\Downloads\Pocahontas_2014-03-14_2015_531608.mp4

2014-04-03 09:51 - 2014-04-08 23:57 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 23:57 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 23:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-23 22:29 - 2011-07-24 20:27 - 00000000 ____D () C:\Users\frank\AppData\Roaming\streamWriter

2014-03-23 12:27 - 2014-03-23 12:10 - 1420533721 _____ () C:\Users\frank\Downloads\Alvin_und_die_Chipmunks_2_2014-03-09_1145_531608.mp4

2014-03-23 11:43 - 2014-03-23 11:13 - 1881727650 _____ () C:\Users\frank\Downloads\Prince_of_Persia_Der_Sand_der_Zeit_2014-03-07_2015_531608.mp4

2014-03-22 21:23 - 2014-03-22 21:23 - 00000216 _____ () C:\Users\frank\Desktop\DiskStation.URL

2014-03-22 14:37 - 2014-03-22 14:37 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-22 14:37 - 2014-03-22 14:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-03-22 14:37 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iTunes

2014-03-22 14:36 - 2014-03-22 14:36 - 00000000 ____D () C:\Program Files\iPod

2014-03-22 14:36 - 2014-02-04 11:30 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-03-22 14:11 - 2014-03-22 13:44 - 1753724271 _____ () C:\Users\frank\Downloads\I_Robot_2014-03-06_2015_531608.mp4

2014-03-22 14:01 - 2014-03-22 13:44 - 1675981722 _____ () C:\Users\frank\Downloads\Little_Miss_Sunshine_2014-03-04_2015_531608.mp4

2014-03-22 13:31 - 2011-02-08 22:35 - 00000000 ____D () C:\Users\frank\Documents\Frank

2014-03-22 13:16 - 2014-03-22 12:53 - 1547600962 _____ () C:\Users\frank\Downloads\Rocky_V_2014-02-24_0000_531608.mp4

2014-03-22 11:09 - 2014-03-22 10:46 - 1571555112 _____ () C:\Users\frank\Downloads\Dennis_2014-03-01_1210_531608.mp4

2014-03-22 11:08 - 2014-03-22 10:46 - 1545546072 _____ () C:\Users\frank\Downloads\Auf_der_anderen_Seite_2014-02-28_2015_531608.mp4

2014-03-22 11:07 - 2014-03-22 10:46 - 1689451317 _____ () C:\Users\frank\Downloads\I_am_Legend_2014-03-02_2240_531608.mp4

2014-03-22 11:07 - 2014-03-22 10:46 - 1290050486 _____ () C:\Users\frank\Downloads\Herr_Figo_auf_der_Suche_nach_dem_verlore_2014-02-28_1930_531608.mp4

2014-03-15 21:23 - 2012-04-15 15:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2014-03-15 16:39 - 2010-08-26 16:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-15 00:34 - 2011-05-15 20:30 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-03-15 00:32 - 2014-03-15 00:25 - 00008284 _____ () C:\Windows\system32\eps_icon.avi

2014-03-15 00:32 - 2011-05-15 20:31 - 00000093 _____ () C:\Windows\EPSMTL32.TXT

2014-03-15 00:26 - 2011-05-15 20:31 - 00312555 _____ () C:\Windows\EPSTPLOG.BAK

2014-03-14 22:39 - 2014-03-04 20:29 - 00000000 ____D () C:\Program Files\Steuer 2013

2014-03-14 22:39 - 2012-04-15 15:07 - 00000714 _____ () C:\Windows\wiso.ini
 

Some content of TEMP:

====================

C:\Users\frank\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-09 20:06
 

==================== End Of Log ============================

--- --- ---