Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox versucht unbekannte Erweiterung zu updaten (https://www.trojaner-board.de/160887-firefox-versucht-unbekannte-erweiterung-updaten.html)

LigH 18.11.2014 14:54
Firefox versucht unbekannte Erweiterung zu updaten
 
Hallo.

Als Webbrowser verwende ich meist Pale Moon, ein weitgehend kompatibler Fork von Firefox mit Optimierungen, aber ohne ein paar neueste Entwicklungen, welche die Sicherheit und Anonymität einschränken, daher auch mit begrenzter Kompatibilität. Manchmal wird der aber von einigen Websites nicht richtig erkannt bzw. eingeschätzt, und dann muss doch mal der Mozilla Firefox verwendet werden.

Den habe ich nun gerade auf Version 33.1.1 geupdatet, und auch wenn die Add-ons auf Auto-Update stehen, probiere ich nach einem Browserupdate noch mal manuell, ob was gefunden wird.

So wurden auch diesmal Updates für zwei Add-ons gefunden. Und plötzlich erscheint auch ein Add-on ganz unten in der Liste, das ich nie installiert habe, und versucht sein Update herunterzuladen; allerdings beginnt es damit anscheinend nur, die Fortschrittsanzeige des Downloads bleibt weit links und bewegt sich nicht. Ein Firefox Add-on mit dem angezeigten Namen existiert nicht laut Mozilla Add-on DB und Google-Suche. Nachdem ich den Download abbreche, verschwindet es aus der Liste.

Also Firefox beendet und erst mal mit MBAM 2.0.3 und SB S&D 2 das Firefox-Programm- und -Profil-Verzeichnis gescannt: Keine Funde.

FRST listet Firefox Extensions auf; darunter ist eine ohne eigenen Namen, mit einer CLSID als Dateiname. Der enthaltene Code verwendet auch eine URL mit "sparpilot.com". Aber ob genau das die "unsichtbare" Erweiterung ist?

Code:
FF Extension: YouTube Unblocker - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\youtubeunblocker@unblocker.yt [2014-11-18]
FF Extension: DownloadHelper - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-23]
FF Extension: Firebug - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\firebug@software.joehewitt.com.xpi [2013-06-12]
FF Extension: PHP Developer Toolbar - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\php_dev_bar@php_dev_bar.org.xpi [2013-06-12]
FF Extension: {7d69841a-591f-4888-9150-69194354e3f7} - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{7d69841a-591f-4888-9150-69194354e3f7}.xpi [2014-09-02]
FF Extension: Web Developer - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-06-12]
FF Extension: Adblock Plus - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-01]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
Ich bitte um weitere Anweisungen...

:kaffee:

schrauber 18.11.2014 16:00
Hi,

poste bitte beide FRST Logs komplett.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

LigH 21.11.2014 08:36
Auto-abonnieren vergessen, wundere mich, dass keine Benachrichtigung über eine Antwort kommt...

Archiv angehängt.
__

Ach so, verlesen. Na gut, dann inline.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Entwicklung (administrator) on MARIO2 on 18-11-2014 14:38:44
Running from F:\Downloads
Loaded Profiles: Entwicklung (Available profiles: Verwaltung & Entwicklung & PSTester & Test & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apache Software Foundation) E:\Programme\xampp\apache\bin\httpd.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Apache Software Foundation) E:\Programme\xampp\apache\bin\httpd.exe
() E:\Programme\xampp\mysql\bin\mysqld.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\dataserv.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe
(Disc Soft Ltd) E:\Programme\DAEMON Tools Lite\DTLite.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Inc.) E:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sysinternals - www.sysinternals.com) E:\Programme\SysInternals\ProcExp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sysinternals - www.sysinternals.com) J:\TEMP\procexp64.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\apcsystray.exe
(hxxp://tortoisesvn.net) E:\Programme\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) E:\Programme\Internet Explorer\ielowutil.exe
(Eugene Roshal & FAR Group) C:\Program Files\Far Manager\Far.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Opera Software) E:\Programme\Opera\opera.exe
(Microsoft Corporation) E:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Jasc Software, Inc.) E:\Programme\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
(hxxp://tortoisesvn.net) E:\Programme\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-05-12] (O&O Software GmbH)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [5885072 2014-02-27] (Space Sciences Laboratory)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [73360 2014-02-27] (Space Sciences Laboratory)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-11-05] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => E:\Programme\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [SDTray] => E:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => E:\Programme\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Run: [DAEMON Tools Lite] => E:\Programme\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
IFEO\taskmgr.exe: [Debugger] "E:\PROGRAMME\SYSINTERNALS\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> E:\Programme\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{A5168EBB-F8E1-4B62-8805-C25684DB9E86}\app_icon.ico ()
Startup: C:\Users\Entwicklung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
ShortcutTarget: Process Explorer.lnk -> E:\Programme\SysInternals\ProcExp.exe (Sysinternals - www.sysinternals.com)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3472902020-759341144-1792876247-1002] => 192.168.0.1:3128
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF01610DA8721CE01
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - E:\Programme\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: SDHelper -> {53707962-6F74-2D53-2644-206D7942484F} -> E:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> E:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-3472902020-759341144-1792876247-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{BA08CCD2-55EE-412F-93EF-336909D1807D}: [NameServer] 192.168.0.1,80.69.115.48

FireFox:
========
FF ProfilePath: C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> E:\Programme\GPAC\nposmozilla.dll ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> E:\Programme\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3472902020-759341144-1792876247-1002: @gpac/osmozilla,version=1.0 -> E:\Programme\GPAC\nposmozilla.dll ( )
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: YouTube Unblocker - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\youtubeunblocker@unblocker.yt [2014-11-18]
FF Extension: DownloadHelper - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-23]
FF Extension: Firebug - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\firebug@software.joehewitt.com.xpi [2013-06-12]
FF Extension: PHP Developer Toolbar - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\php_dev_bar@php_dev_bar.org.xpi [2013-06-12]
FF Extension: {7d69841a-591f-4888-9150-69194354e3f7} - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{7d69841a-591f-4888-9150-69194354e3f7}.xpi [2014-09-02]
FF Extension: Web Developer - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-06-12]
FF Extension: Adblock Plus - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-01]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; E:\programme\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) [File not signed]
R2 APC Data Service; E:\Programme\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Programme\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 fussvc; E:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 mysql; E:\programme\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657640 2014-05-12] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; E:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Te.Service; E:\Programme\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303368 2013-03-15] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-15] (SafeNet Inc.)
R0 hotcore3; C:\Windows\SysWow64\drivers\hotcore3.sys [36368 2008-01-21] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2014-10-21] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-18] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106408 2012-12-19] (Oracle Corporation)
U3 affywudr; C:\Windows\System32\Drivers\affywudr.sys [0 ] (Microsoft Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 14:38 - 2014-11-18 14:38 - 00000000 ____D () C:\FRST
2014-11-18 13:24 - 2014-11-18 13:24 - 00000000 ____D () E:\Programme\Mozilla Firefox
2014-11-18 11:27 - 2014-11-18 11:33 - 00000000 ____D () E:\Programme\AviSynth+
2014-11-18 11:27 - 2014-01-03 18:11 - 01064448 _____ (The Public) C:\Windows\system32\AviSynth.dll
2014-11-18 11:27 - 2013-10-13 13:56 - 02300928 _____ (Abysmal Software) C:\Windows\system32\DevIL.dll
2014-11-17 09:35 - 2014-11-17 09:35 - 00000000 ____D () E:\Programme\Pale Moon
2014-11-13 08:41 - 2014-11-13 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMake 3.1.0-rc1
2014-11-13 08:32 - 2014-11-13 08:41 - 00000000 ____D () E:\Programme\CMake
2014-11-13 08:32 - 2014-11-13 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMake 3.0.2
2014-11-13 08:04 - 2014-11-13 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseHg
2014-11-12 09:30 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:30 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:30 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:30 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:30 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:30 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:30 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 09:30 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:30 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:30 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 09:30 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 09:30 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:30 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:30 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:30 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:30 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:30 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:30 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 09:30 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:30 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:30 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 09:30 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 09:30 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:29 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:29 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:29 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:29 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:29 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:29 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:29 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:29 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:29 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:29 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:29 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:29 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:29 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:29 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:29 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:29 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:29 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:29 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:29 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:29 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:29 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:28 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:28 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 11:33 - 2014-11-11 11:33 - 00001742 _____ () C:\Users\Entwicklung\Desktop\XML Notepad 2007.lnk
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-11-04 12:57 - 2014-11-04 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPAC
2014-11-04 07:56 - 2014-11-04 07:56 - 00000679 _____ () C:\Users\Public\Desktop\CodecVisa.lnk
2014-11-04 07:56 - 2014-11-04 07:56 - 00000000 ____D () E:\Programme\CodecVisa
2014-11-04 07:56 - 2014-11-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecVisa
2014-11-03 15:17 - 2014-11-03 15:17 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\Machete
2014-10-28 14:28 - 2014-10-28 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-10-27 15:10 - 2014-10-27 15:10 - 27231532 _____ () C:\tree3.far
2014-10-27 13:13 - 2014-10-19 18:12 - 00713216 _____ () C:\Windows\system32\xvidcore.dll
2014-10-27 13:13 - 2014-10-19 18:12 - 00251392 _____ () C:\Windows\system32\xvidvfw.dll
2014-10-27 13:13 - 2014-10-19 18:12 - 00169984 _____ () C:\Windows\system32\xvid.ax
2014-10-21 10:52 - 2014-10-27 09:41 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\XnViewMP
2014-10-21 10:51 - 2014-10-21 10:51 - 00001473 _____ () C:\Users\Entwicklung\Desktop\XnViewMP.lnk
2014-10-21 10:51 - 2014-10-21 10:51 - 00000000 ____D () E:\Programme\XnViewMP
2014-10-21 10:51 - 2014-10-21 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 14:20 - 2013-01-21 16:46 - 00000000 ____D () E:\Programme\WSCC
2014-11-18 14:02 - 2014-07-09 07:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 13:45 - 2013-04-10 06:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 11:51 - 2009-09-09 13:02 - 00000000 ____D () C:\Users\Entwicklung\Documents\Eigene PSP-Dateien
2014-11-18 11:30 - 2013-01-05 12:19 - 00000000 ____D () E:\Programme\MeGUI
2014-11-18 11:29 - 2013-01-29 16:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-18 11:29 - 2012-08-03 14:43 - 01322885 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 11:27 - 2013-01-05 10:30 - 00000000 ____D () E:\Programme\AviSynth 2.5
2014-11-18 11:21 - 2013-01-25 16:22 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7ED00D45-2038-4F1B-AFA7-1EF68EA8F239}
2014-11-18 11:17 - 2013-08-16 13:33 - 00000000 ____D () E:\Programme\x265
2014-11-18 08:10 - 2013-01-07 12:52 - 00000334 _____ () C:\Windows\BRCALIB.INI
2014-11-17 08:49 - 2013-01-05 11:07 - 00000000 ____D () E:\Programme\eclipse-php
2014-11-17 08:44 - 2009-07-14 05:45 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 08:44 - 2009-07-14 05:45 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 08:43 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 08:43 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 08:43 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 08:37 - 2014-02-10 13:12 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\TortoiseHg
2014-11-17 08:35 - 2013-04-26 08:53 - 08405015 _____ () C:\Windows\TmpFile1
2014-11-17 08:35 - 2013-04-16 09:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 08:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 08:35 - 2009-07-14 05:51 - 00075471 _____ () C:\Windows\setupact.log
2014-11-14 17:27 - 2014-04-25 09:35 - 00000600 _____ () C:\Users\Entwicklung\AppData\Roaming\winscp.rnd
2014-11-14 07:56 - 2013-01-05 14:32 - 00000000 ____D () E:\Programme\QuickTime
2014-11-14 07:56 - 2012-11-09 07:51 - 00001666 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 07:56 - 2012-11-09 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-14 07:56 - 2012-08-06 11:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-13 08:04 - 2014-05-05 12:56 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-11-13 08:04 - 2013-01-05 14:57 - 00000000 ____D () E:\Programme\TortoiseHg
2014-11-12 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:56 - 2013-04-10 06:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 09:56 - 2012-08-03 14:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 09:56 - 2012-08-03 14:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 09:46 - 2009-07-14 05:45 - 01353360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:36 - 2013-07-12 06:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:31 - 2012-12-29 00:28 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 11:33 - 2009-11-17 11:09 - 00000000 ____D () E:\Programme\XML Notepad 2007
2014-11-04 16:14 - 2013-01-10 08:57 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\TV-Browser
2014-11-04 13:28 - 2013-01-05 14:49 - 00000000 ____D () E:\Programme\SeaMonkey
2014-11-04 13:28 - 2009-09-03 07:58 - 00001594 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-11-04 13:28 - 2009-09-03 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-11-04 13:14 - 2010-10-04 08:25 - 00000678 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-11-04 13:14 - 2010-10-04 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-11-04 13:13 - 2013-01-05 14:51 - 00000000 ____D () E:\Programme\SRWare Iron
2014-11-04 12:57 - 2012-01-20 14:09 - 00001478 _____ () C:\Users\Public\Desktop\Osmo4.lnk
2014-11-03 11:18 - 2013-01-05 12:19 - 00000000 ____D () E:\Programme\MediaInfo
2014-11-03 10:44 - 2012-01-20 15:41 - 00001834 _____ () C:\Users\Public\Desktop\Machete.lnk
2014-11-03 10:44 - 2012-01-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machete
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 09:35 - 2012-10-11 12:49 - 00000000 ____D () C:\Temp
2014-10-29 13:53 - 2014-09-30 16:22 - 00000000 ____D () E:\Programme\wsusoffline
2014-10-29 08:48 - 2013-01-28 09:37 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\PlaneShift
2014-10-29 07:39 - 2014-07-09 07:20 - 00000000 ____D () E:\Programme\Malwarebytes Anti-Malware
2014-10-28 16:19 - 2013-09-11 07:34 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\.minecraft
2014-10-28 14:28 - 2014-08-19 12:44 - 00001292 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-10-28 14:28 - 2014-08-19 12:43 - 00000000 ____D () E:\Programme\LibreOffice 4
2014-10-28 14:11 - 2013-08-12 10:38 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\uTorrent
2014-10-27 15:36 - 2014-07-09 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:36 - 2013-11-11 10:49 - 00000740 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 13:13 - 2011-02-24 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-10-27 13:13 - 2009-09-30 14:35 - 00000000 ____D () E:\Programme\Xvid
2014-10-24 15:47 - 2012-08-06 11:31 - 00000000 ____D () C:\Users\PSTester
2014-10-23 14:42 - 2010-02-02 08:09 - 00000000 ____D () C:\Users\Entwicklung\dwhelper
2014-10-21 12:41 - 2013-10-08 14:42 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-10-21 12:41 - 2013-10-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2014-10-21 12:41 - 2013-01-08 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-10-21 12:41 - 2013-01-08 14:39 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-10-21 10:50 - 2013-01-18 09:58 - 00001461 _____ () C:\Users\Entwicklung\Desktop\XnView.lnk
2014-10-21 10:50 - 2009-09-03 09:07 - 00000000 ____D () E:\Programme\XnView
2014-10-21 10:50 - 2009-09-03 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-10-21 10:06 - 2013-01-18 09:58 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\XnView
2014-10-19 18:12 - 2013-08-30 10:01 - 00638976 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-10-19 18:12 - 2013-08-30 10:01 - 00235520 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-10-19 18:12 - 2013-08-30 10:01 - 00147456 _____ () C:\Windows\SysWOW64\xvid.ax

Files to move or delete:
====================
C:\Users\Entwicklung\en_res.dll
C:\Users\Entwicklung\es_res.dll
C:\Users\Entwicklung\fr_res.dll
C:\Users\Entwicklung\grm_res.dll
C:\Users\Entwicklung\it_res.dll
C:\Users\Entwicklung\jp_res.dll
C:\Users\Entwicklung\mfc80u.dll
C:\Users\Entwicklung\msvcr80.dll
C:\Users\Entwicklung\pt_res.dll
C:\Users\Entwicklung\ResourceReader.dll
C:\Users\Entwicklung\ru_res.dll
C:\Users\Entwicklung\zh_res.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 12:22

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Entwicklung at 2014-11-18 14:40:11
Running from F:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
abrMate version 1.1 (HKLM-x32\...\abrMate_is1) (Version: 1.1 - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.4 - Adobe Systems)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version:  - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.6.8941 - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
AviSynth+ 0.1 (r1576) (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 2.6.0.5 - The Public)
BenVista PhotoZoom Pro 5.0.8 (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\PhotoZoom Pro 5) (Version: 5.0.8 - BenVista Ltd.)
BenVista PhotoZoom Pro 5.1 (HKLM-x32\...\PhotoZoom Pro 5) (Version: 5.1 - BenVista Ltd.)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Bitrate Viewer 2.3 (HKLM-x32\...\Bitrate Viewer) (Version: 2.3 - EDV & Astro Service)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
BOINC (HKLM\...\{D0183F8F-46BB-409F-9CD7-FB43F1A4279B}) (Version: 7.2.42 - Space Sciences Laboratory, U.C. Berkeley)
Bridge Constructor (HKLM-x32\...\Steam App 250460) (Version:  - )
ByteScout BarCode Generator 3.30.667 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version:  - Bytescout Software)
ByteScout BarCode Reader 7.00.1109 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Reader_is1) (Version: 7.00.1109 - Bytescout Software)
cadwork (x32 Version: 19.280.0 - Cadwork Informatik) Hidden
Canon iX4000 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX4000) (Version:  - )
CMake 2.8, a cross-platform, open-source build system (HKLM-x32\...\CMake 2.8.12.2) (Version: 2.8.12.2 - Kitware)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
CMake 3.1.0-rc1, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.1.0-rc1) (Version: 3.1.0-rc1 - Kitware)
CodecVisa (HKLM-x32\...\CodecVisa_is1) (Version:  - Codecian Co. Ltd.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corel DESIGNER Technical Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Corel DESIGNER Technical Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
CorelDRAW 11 - SVG Filter Update (x32 Version: 11.714 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Designer (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Curse Client (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM-x32\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
Deep Exploration 6 CE (HKLM-x32\...\{E903CEC4-6822-47A4-9F6C-4A93C02119A3}) (Version: 6.3 - Right Hemisphere)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Doomsday Engine 1.10.3 (HKLM-x32\...\Doomsday Engine_is1) (Version:  - deng Team)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Dynamic Auto-Painter x64 PRO version 3.2 (HKLM\...\{30994599-9734-455F-B51D-7E5E987AFA2A}_is1) (Version: 3.2 - Mediachance.com)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
English Country Tune version 1.9 (HKLM-x32\...\{9F59B1EF-4094-4C6C-87C3-17F15E6063C8}_is1) (Version: 1.9 - increpare games ltd.)
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
Far Manager 3 x64 (HKLM\...\{54AAF47E-41D8-4294-B6B8-214D7374ACFD}) (Version: 3.0.4040 - Eugene Roshal & Far Group)
ffdshow v1.3.4527 [2013-12-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4527.0 - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Focus Magic 4.01 (HKLM-x32\...\Focus Magic_is1) (Version: 4.01 - Acclaim Software Ltd)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
G-Mapper (HKLM-x32\...\{08D2435E-DC4E-464D-8C2F-606B9BC0A465}) (Version: 3.1.60 - db net solutions)
GnuWin32: sed-4.2.1 (HKLM-x32\...\sed-4.2.1_is1) (Version: 4.2.1 - GnuWin)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
GPU Caps Viewer 1.17.2 (HKLM-x32\...\{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1) (Version:  - Geeks3D.com)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Huffyuv AVI lossless video codec - MultiThread (Remove Only) (HKLM\...\HuffyuvcodecMT) (Version:  - )
HWiNFO32 Version 4.46 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.46 - Martin Malík - REALiX)
HWiNFO64 Version 4.46 (HKLM\...\HWiNFO64_is1) (Version: 4.46 - Martin Malík - REALiX)
Hybrid (remove only) (HKLM-x32\...\Hybrid) (Version: 2014.2.14.1 - Selur´s Hybrid)
Image Trends' ShineOff Plug-In 2.1.5 (HKLM-x32\...\{BEB1097E-3A87-4406-AD9D-E8E569D3FADE}) (Version: 2.1.5 - Image Trends, Inc. )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Inpaint (HKLM-x32\...\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}) (Version: 1.0.0 - Teorex)
Inpaint 6.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 9.01 Patch (HKLM-x32\...\Jasc Paint Shop Pro 9.01 Patch) (Version:  - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
LameXP v4.09 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.09 Alpha-8 [Build #1474] - LoRd_MuldeR <mulder2@gmx.de>)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Lazarus 1.0.8 (HKLM\...\Lazarus_is1) (Version: 1.0.8 - Lazarus Team)
LibreOffice 4.3 Help Pack (German) (HKLM-x32\...\{4E972CC6-84A0-4A25-B5C0-5B84229A208B}) (Version: 4.3.2.2 - The Document Foundation)
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Luxuria Superbia version 1 (HKLM-x32\...\{00BB5CA5-20CD-48D2-9E90-2E2A5BB551D8}_is1) (Version: 1 - Tale of Tales)
Machete 4.2 (HKLM-x32\...\{1799612D-556F-4D26-ABB3-3ED6BB98ECE1}) (Version: 4.2.11 - MacheteSoft)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
Microangelo Toolset 6 (x64) (HKLM\...\{CE63DE9D-2CBA-4B01-B3CF-FF06497403AD}) (Version: 6.10.70 - Impact Software)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A2E24035-9B11-4E1D-9FBC-FA7F20C16832}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works 7.0  (HKLM-x32\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
Mozilla Firefox 33.1.1 (x86 de) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
MPC-HC 1.6.7.7114 (9eb64ec) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-fd982452-341a-4982-b728-14be89eb5d76) (Version:  - Epic Games, Inc.)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nero CoverDesigner (HKLM-x32\...\{35F59E66-CAA0-4585-8DC4-037A04717FCF}) (Version: 12.0.01100 - Nero AG)
NetStress 2.0.9686.0 (HKLM-x32\...\NetStress_is1) (Version:  - Nuts About Nets, LLC)
Nettalk 6.7 (HKLM-x32\...\Nettalk_is1) (Version:  - Nicolas Kruse)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Texture Tools 2 - 64 bit (HKLM-x32\...\{65C967FA-29D8-4A5F-99C5-BC9AF1F8F9D2}) (Version: 2.0 - )
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{A5168EBB-F8E1-4B62-8805-C25684DB9E86}) (Version: 17.5.559 - O&O Software GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.14 (HKLM\...\{8DD94059-60C6-42E3-AB59-8F37445ACC79}) (Version: 4.3.14 - Oracle Corporation)
Osmo4/GPAC (remove only) (HKLM-x32\...\Osmo4) (Version:  - )
Osmo4/GPAC (remove only) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Osmo4) (Version:  - )
Pale Moon 25.1.0 (x86 en-US) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Paragon Partition Manager 9.0 Professional (HKLM-x32\...\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}) (Version:  - Paragon Software Group)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF/X-3 Inspector (Freeware) (HKLM-x32\...\PDF/X-3 Inspector (Freeware)) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PDF-XChange Editor (HKLM-x32\...\{A261A521-AFDF-48BE-BD5D-88E71489077F}) (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
PlaneShift (HKLM-x32\...\PlaneShift 0.5.9.11) (Version: 0.5.9.11 - Atomic Blue)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Preispiraten (HKLM-x32\...\{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}) (Version: 6 - metaspinner net GmbH)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
pstoedit and importps 3.62 (HKLM\...\pstoedit and importps_is1) (Version: 3.62 - H&W Glunz)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RIFT (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\RIFT) (Version:  - Trion Worlds, Inc.)
Risen3D version 2.2.25 (HKLM-x32\...\Risen3D_is1) (Version:  - )
Ruby 1.9.3-p545 (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SeaMonkey 2.30 (x86 de) (HKLM-x32\...\SeaMonkey 2.30 (x86 de)) (Version: 2.30 - Mozilla)
SIF1 v.1.20 (HKLM-x32\...\SIF1_is1) (Version:  - Neiromaster)
SiteMap Generator 0.975 (beta) (HKLM-x32\...\SiteMap Generator_is1) (Version:  - wonderwebware.com)
Sitemap Generator 1.0.0.0 (HKLM-x32\...\Sitemap Generator) (Version: 1.0.0.0 - DevIntelligence.com)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolidWorks eDrawings 2013 (HKLM-x32\...\{23AF214D-3360-4979-9132-5586D6E11FC5}) (Version: 13.4.107 - Dassault Systèmes SolidWorks Corp)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SRWare Iron Version SRWare Iron 38.2050.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 38.2050.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TEncoder Video Converter version 3.1 (HKLM-x32\...\{36B6CC84-FFEE-4EFE-BB9F-F23356D7F9EF}_is1) (Version: 3.1 - ozok)
The Compressonator 1.50 (HKLM\...\{5C46703D-92EE-40d9-BCF8-DEADBEEFAAAA}) (Version: 1.50 - AMD)
The Dude (HKLM-x32\...\Dude) (Version:  - )
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
TortoiseHg 3.2.0 (x64) (HKLM\...\{92A5D824-F420-43DA-8956-B8A59C799066}) (Version: 3.2.0 - Steve Borho and others)
TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV-Browser 3.4 (HKLM-x32\...\tvbrowser) (Version: 3.4 - TV-Browser Team)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 13.3.0 - UMEZAWA Takeshi)
Viewer V7 (HKLM-x32\...\Viewer V7) (Version:  - )
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhackEd2 (HKLM-x32\...\{13798206-C1C4-11D7-8CCB-CE81DE993523}}_is1) (Version:  - )
WhackEd3 (HKLM-x32\...\WhackEd3_is1) (Version: 0.9.10 beta - )
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wireshark 1.8.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.7 - The Wireshark developer community, hxxp://www.wireshark.org)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XnConvert 1.55 (HKLM\...\XnConvert_is1) (Version: 1.55 - Gougelet Pierre-e)
XnView 2.24 (HKLM-x32\...\XnView_is1) (Version: 2.24 - Gougelet Pierre-e)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.0) (Version: 1.3.3 - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZBar Bar Code Reader (HKLM-x32\...\ZBar) (Version: 0.10 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> E:\Programme\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)
CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{9ca2b884-f754-4e46-aa17-f4c9667d8087}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

18-11-2014 10:29:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-05 07:56 - 00453562 ____R C:\Windows\system32\Drivers\etc\hosts
192.168.0.237        fritz.box
127.0.0.1        localhost
127.0.0.1        www.carportneuheit.de
127.0.0.1        www.carportneuheiten.de
127.0.0.1        www.carport-neuheit.de
127.0.0.1        www.carport-neuheiten.de
127.0.0.1        www.holzon-carport.com
127.0.0.1        www.holzon.de
127.0.0.1        www.holzon.eu
127.0.0.1        www.holzon.com
127.0.0.1        www.holzon.net
127.0.0.1        www.holzon.biz
127.0.0.1        www.holzon.info
127.0.0.1        www.holzon.at
127.0.0.1        www.holzon.be
127.0.0.1        www.holzon.ch
127.0.0.1        www.holzon.dk
127.0.0.1        www.holzon.nl
127.0.0.1        www.ligh.de
127.0.0.1        www.terrassenueberdachung.nl
127.0.0.1        www.terrassenueberdachungen.eu
127.0.0.1        www.terrassenueberdachung-terrassenueberdachungen.de
127.0.0.1        partner.holzon.de
127.0.0.1        www.holzon-partner.de
127.0.0.1        www.holzon-katalog.de
127.0.0.1        www.produktbilder24.de
127.0.0.1        www.meisterbalkon.de
127.0.0.1        www.meister-balkon.de
127.0.0.1        www.carportbausatz24.de

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01DBD47C-A880-4BEB-9C54-1C8D1D193B11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => E:\Programme\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {04190C21-EF80-4103-BA2D-524DD6E3E2B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {14A5FCA3-5803-47A7-91FD-1E0A3AB7EA20} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => E:\Programme\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1DC6115A-A7A5-4E7E-8B45-3DB92679EBA0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1F518784-9782-4A90-B023-23C3A7F0E34B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2A827125-F7EB-436F-9D7F-3EC153768D33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4D520E83-3805-42C4-83C7-90513ABCBA30} - System32\Tasks\{9E4E8DFC-8716-4D9F-A783-BC5B0F76DEF1} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {58E0319F-885D-4DA3-8B7B-5A7C27339A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5D5EE36A-2A09-4CAC-8C74-A285C7F82C01} - System32\Tasks\{6EEBFCC4-7D18-4438-B494-9A6E2E8ED091} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {644BFEA7-0B60-4BC5-9802-BE49D58FEBE8} - System32\Tasks\{8D9A1E69-3705-494A-985E-B13E155CDFBB} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {6C47D240-BADA-4B95-A50A-C643451C0B01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => E:\Programme\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6CFFDA91-F9CC-4EB5-A2D1-70E244CA959E} - System32\Tasks\{AE7BF63D-F59E-487B-978A-9C32A21CE47F} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {A9115315-17E7-47DD-AC2B-CBC98D2B3739} - System32\Tasks\{50D2D0D6-8DAD-4EE6-92F1-6A102D36AE25} => E:\Programme\VFD\AMD64\vfdwin.exe [2008-02-06] (Ken Kato)
Task: {B5C22337-E677-4B93-BFE8-A40BC2BB808E} - System32\Tasks\{910CD6B7-1206-458E-86A0-814C683DC084} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {B5C69A7C-54FC-4F84-ADDD-D04BB7A20FED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D0550A90-674C-4D3D-856D-661D474080B5} - System32\Tasks\{162D122A-D93C-4F5F-AAD1-567E95D390C0} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {E876A5DF-F637-4FE7-978A-D76DEE655025} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-18 08:20 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-17 13:36 - 2013-10-17 16:32 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2012-07-20 19:08 - 2012-07-20 19:08 - 08186368 _____ () E:\programme\xampp\mysql\bin\mysqld.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-04-12 13:48 - 2014-04-12 13:48 - 00076016 _____ () E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 00088816 _____ () E:\Programme\TortoiseSVN\bin\libsasl.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-05 16:11 - 2014-11-05 16:11 - 00100616 _____ () E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () E:\Programme\TortoiseHg\win32api.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () E:\Programme\TortoiseHg\pywintypes27.dll
2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () E:\Programme\TortoiseHg\win32gui.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00027648 _____ () E:\Programme\TortoiseHg\win32pipe.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () E:\Programme\TortoiseHg\win32event.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () E:\Programme\TortoiseHg\win32file.pyd
2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () E:\Programme\TortoiseHg\win32security.pyd
2013-11-10 19:24 - 2013-11-10 19:24 - 00111616 _____ () E:\Programme\TortoiseHg\_ctypes.pyd
2014-11-05 16:07 - 2014-11-05 16:07 - 00010752 _____ () E:\Programme\TortoiseHg\mercurial.osutil.pyd
2013-11-10 19:25 - 2013-11-10 19:25 - 00474624 _____ () E:\Programme\TortoiseHg\_hashlib.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () E:\Programme\TortoiseHg\win32process.pyd
2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () E:\Programme\TortoiseHg\pythoncom27.dll
2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () E:\Programme\TortoiseHg\win32com.shell.shell.pyd
2014-08-10 03:02 - 2014-08-10 03:02 - 00428820 _____ () C:\Program Files\Far Manager\lua51.dll
2014-08-10 03:02 - 2014-08-10 03:02 - 00062464 _____ () C:\Program Files\Far Manager\lpeg.dll
2014-08-10 03:19 - 2014-08-10 03:19 - 02568704 _____ () C:\Program Files\Far Manager\Plugins\FarColorer\bin\colorer.dll
2012-04-04 17:47 - 2012-04-04 17:47 - 00108032 _____ () E:\programme\xampp\apache\bin\pcre.dll
2012-09-17 11:05 - 2012-09-17 11:05 - 00025088 _____ () E:\Programme\xampp\php\php5apache2_4.dll
2013-02-11 09:16 - 2012-11-13 14:06 - 00108960 _____ () E:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00416160 _____ () E:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00158624 _____ () E:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-11 09:16 - 2012-08-23 09:38 - 00574840 _____ () E:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-11 09:16 - 2012-11-13 14:06 - 00528288 _____ () E:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00554400 _____ () E:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-07-27 21:51 - 2012-07-27 21:51 - 00019968 _____ () E:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-04-12 12:45 - 2014-04-12 12:45 - 00065776 _____ () E:\Programme\TortoiseSVN\bin\TortoiseStub32.dll
2014-04-12 12:45 - 2014-04-12 12:45 - 00071920 _____ () E:\Programme\TortoiseSVN\bin\libsasl32.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00835584 _____ () E:\Programme\Opera\gstreamer\gstreamer.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00093696 _____ () E:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00094208 _____ () E:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00057344 _____ () E:\Programme\Opera\gstreamer\plugins\gstautodetect.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00096256 _____ () E:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00062976 _____ () E:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00067072 _____ () E:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00158208 _____ () E:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00312832 _____ () E:\Programme\Opera\gstreamer\plugins\gstoggdec.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00038912 _____ () E:\Programme\Opera\gstreamer\plugins\gstwaveform.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00073728 _____ () E:\Programme\Opera\gstreamer\plugins\gstwavparse.dll
2013-01-05 14:19 - 2014-04-23 14:09 - 00101888 _____ () E:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll
2012-07-27 21:51 - 2012-07-27 21:51 - 02895304 _____ () E:\Programme\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2012-07-27 21:51 - 2012-07-27 21:51 - 01446400 _____ () E:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2013-01-05 12:22 - 2009-08-05 10:45 - 00106312 _____ () E:\Programme\Microsoft Office\OFFICE11\OUTLCTL.DLL
2013-01-05 11:29 - 2005-02-10 09:01 - 00438272 _____ () E:\Programme\Jasc Software Inc\Paint Shop Pro 9\igJPEG2K13d.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3472902020-759341144-1792876247-500 - Administrator - Disabled) => C:\Users\Administrator
Entwicklung (S-1-5-21-3472902020-759341144-1792876247-1002 - Administrator - Enabled) => C:\Users\Entwicklung
Gast (S-1-5-21-3472902020-759341144-1792876247-501 - Limited - Enabled)
PSTester (S-1-5-21-3472902020-759341144-1792876247-1003 - Administrator - Enabled) => C:\Users\PSTester
Test (S-1-5-21-3472902020-759341144-1792876247-1004 - Limited - Enabled) => C:\Users\Test
Verwaltung (S-1-5-21-3472902020-759341144-1792876247-1000 - Administrator - Enabled) => C:\Users\Verwaltung

==================== Faulty Device Manager Devices =============

Name: J:\CR\xD7\
Description: USB  HS-xD/SM 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: J:\CR\CF7\
Description: USB  HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: J:\CR\MS7\
Description: USB  HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 11:29:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/18/2014 11:28:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/18/2014 11:28:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/18/2014 11:28:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/18/2014 00:00:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/18/2014 00:00:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/17/2014 02:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: palemoon.exe, Version: 25.1.0.5427, Zeitstempel: 0x5460cac6
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x3321f5a0
ID des fehlerhaften Prozesses: 0x1114
Startzeit der fehlerhaften Anwendung: 0xpalemoon.exe0
Pfad der fehlerhaften Anwendung: palemoon.exe1
Pfad des fehlerhaften Moduls: palemoon.exe2
Berichtskennung: palemoon.exe3

Error: (11/17/2014 08:46:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/17/2014 08:46:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (11/17/2014 08:36:08 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Event Scheduler: An error occurred when initializing system tables. Disabling the Event Scheduler.

For more information, see Help and Support Center at hxxp://www.mysql.com.


System errors:
=============
Error: (11/18/2014 11:28:05 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error: (11/18/2014 09:05:25 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/18/2014 00:00:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error: (11/17/2014 00:30:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error: (11/17/2014 00:30:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/14/2014 01:02:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error: (11/14/2014 01:02:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/14/2014 11:35:06 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ABBUND5",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BA08CCD2-55EE-412F-93EF-336909D1807D}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/14/2014 09:57:33 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARKO3",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BA08CCD2-55EE-412F-93EF-336909D1807D}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/14/2014 09:45:34 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARKO3",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BA08CCD2-55EE-412F-93EF-336909D1807D}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (11/18/2014 11:29:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/18/2014 11:28:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/18/2014 11:28:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/18/2014 11:28:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/18/2014 00:00:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/18/2014 00:00:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/17/2014 02:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: palemoon.exe25.1.0.54275460cac6unknown0.0.0.000000000c00000053321f5a0111401d00241703a5ddcE:\Programme\Pale Moon\palemoon.exeunknown5673d6bc-6e5d-11e4-96ab-50465d8ba25f

Error: (11/17/2014 08:46:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/17/2014 08:46:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (11/17/2014 08:36:08 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Event Scheduler: An error occurred when initializing system tables. Disabling the Event Scheduler.

schrauber 21.11.2014 17:43
Der Proxy is mit Absicht drin?

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

LigH 26.11.2014 17:03
mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.11.2014
Suchlauf-Zeit: 16:28:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.26.04
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Entwicklung

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 544352
Verstrichene Zeit: 23 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner[S0].txt
Code:
# AdwCleaner v4.102 - Bericht erstellt am 26/11/2014 um 16:03:00
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-23.7 [Local]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Entwicklung - MARIO2
# Gestartet von : F:\Downloads\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
[x] Nicht Gelöscht : C:\Program Files\Viewpoint
[x] Nicht Gelöscht : C:\Users\Entwicklung\AppData\Local\PackageAware
[x] Nicht Gelöscht : C:\Users\Entwicklung\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Entwicklung\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\4v9nq243.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Entwicklung\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\4v9nq243.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Entwicklung\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\4v9nq243.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v


-\\ Pale Moon v

[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.cbid", "HQ");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://www.imgburn.com/index.php?act=installation_complete");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1268811888312");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.locale", "de_EU");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.o", "15785");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
[4v9nq243.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.r", "2");

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [3406 octets] - [26/11/2014 15:58:35]
AdwCleaner[S0].txt - [3445 octets] - [26/11/2014 16:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3505 octets] ##########
Ich hatte hier ein paar Verzeichnisse absichtlich nicht löschen lassen, um erst nachzuschauen, ob da nicht doch erwünschte Programme betroffen sind. Das hat dann aber JRT übernommen.

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Entwicklung on 26.11.2014 at 16:07:09,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Corel DESIGNER Technical Suite X5
Successfully deleted: [Folder] "C:\Users\Entwicklung\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "E:\Programme\hypercam toolbar"
Successfully deleted: [Folder] "E:\Programme\ask.com"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Entwicklung\AppData\Roaming\mozilla\firefox\profiles\o1r40x9k.default-1371043206935\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2014 at 16:11:15,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Entwicklung (administrator) on MARIO2 on 26-11-2014 16:16:16
Running from C:\FRST
Loaded Profile: Entwicklung (Available profiles: Verwaltung & Entwicklung & PSTester & Test & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apache Software Foundation) E:\Programme\xampp\apache\bin\httpd.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() E:\Programme\xampp\mysql\bin\mysqld.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Apache Software Foundation) E:\Programme\xampp\apache\bin\httpd.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\dataserv.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(hxxp://tortoisesvn.net) E:\Programme\TortoiseSVN\bin\TSVNCache.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Disc Soft Ltd) E:\Programme\DAEMON Tools Lite\DTLite.exe
(Sysinternals - www.sysinternals.com) E:\Programme\SysInternals\ProcExp.exe
(Sysinternals - www.sysinternals.com) J:\TEMP\procexp64.exe
(Safer-Networking Ltd.) E:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Inc.) E:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
() K:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
(Schneider Electric) E:\Programme\APC\PowerChute Personal Edition\apcsystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() K:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
() K:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-05-12] (O&O Software GmbH)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-11-05] ()
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69616 2014-11-05] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9633776 2014-11-05] (Space Sciences Laboratory)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => E:\Programme\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [SDTray] => E:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => E:\Programme\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Run: [DAEMON Tools Lite] => E:\Programme\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
IFEO\taskmgr.exe: [Debugger] "E:\PROGRAMME\SYSINTERNALS\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> E:\Programme\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{A5168EBB-F8E1-4B62-8805-C25684DB9E86}\app_icon.ico ()
Startup: C:\Users\Entwicklung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
ShortcutTarget: Process Explorer.lnk -> E:\Programme\SysInternals\ProcExp.exe (Sysinternals - www.sysinternals.com)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3472902020-759341144-1792876247-1002] => 192.168.0.1:3128
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF01610DA8721CE01
HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - E:\Programme\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: SDHelper -> {53707962-6F74-2D53-2644-206D7942484F} -> E:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> E:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3472902020-759341144-1792876247-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{BA08CCD2-55EE-412F-93EF-336909D1807D}: [NameServer] 192.168.0.1,80.69.115.48

FireFox:
========
FF ProfilePath: C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> E:\Programme\GPAC\nposmozilla.dll ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> E:\Programme\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3472902020-759341144-1792876247-1002: @gpac/osmozilla,version=1.0 -> E:\Programme\GPAC\nposmozilla.dll ( )
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: E:\Programme\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: YouTube Unblocker - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\youtubeunblocker@unblocker.yt [2014-11-21]
FF Extension: DownloadHelper - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-23]
FF Extension: Firebug - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\firebug@software.joehewitt.com.xpi [2013-06-12]
FF Extension: PHP Developer Toolbar - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\php_dev_bar@php_dev_bar.org.xpi [2013-06-12]
FF Extension: {7d69841a-591f-4888-9150-69194354e3f7} - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{7d69841a-591f-4888-9150-69194354e3f7}.xpi [2014-09-02]
FF Extension: Web Developer - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-06-12]
FF Extension: Adblock Plus - C:\Users\Entwicklung\AppData\Roaming\Mozilla\Firefox\Profiles\o1r40x9k.default-1371043206935\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-01]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; E:\programme\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) [File not signed]
R2 APC Data Service; E:\Programme\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Programme\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 fussvc; E:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 mysql; E:\programme\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657640 2014-05-12] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; E:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; E:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; E:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Te.Service; E:\Programme\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303368 2013-03-15] (SafeNet Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-15] (SafeNet Inc.)
R0 hotcore3; C:\Windows\SysWow64\drivers\hotcore3.sys [36368 2008-01-21] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2014-10-21] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-18] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106408 2012-12-19] (Oracle Corporation)
U3 ao0448qb; C:\Windows\System32\Drivers\ao0448qb.sys [0 ] (Microsoft Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:11 - 2014-11-26 16:11 - 00001236 _____ () C:\Users\Entwicklung\Desktop\JRT.txt
2014-11-26 16:07 - 2014-11-26 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 15:58 - 2014-11-26 16:03 - 00000000 ____D () C:\AdwCleaner
2014-11-26 12:56 - 2014-11-26 12:56 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\BOINC
2014-11-26 12:56 - 2014-11-26 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2014-11-26 12:56 - 2014-11-26 12:56 - 00000000 ____D () C:\Program Files\BOINC
2014-11-25 13:46 - 2014-11-25 13:50 - 00000000 ____D () E:\Programme\SARDU3
2014-11-19 10:34 - 2014-11-19 10:34 - 00536360 _____ () C:\Windows\Minidump\111914-45099-01.dmp
2014-11-19 10:34 - 2014-11-19 10:34 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 09:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:38 - 2014-11-26 16:16 - 00000000 ____D () C:\FRST
2014-11-18 13:24 - 2014-11-18 13:24 - 00000000 ____D () E:\Programme\Mozilla Firefox
2014-11-18 11:27 - 2014-11-18 11:33 - 00000000 ____D () E:\Programme\AviSynth+
2014-11-18 11:27 - 2014-01-03 18:11 - 01064448 _____ (The Public) C:\Windows\system32\AviSynth.dll
2014-11-18 11:27 - 2013-10-13 13:56 - 02300928 _____ (Abysmal Software) C:\Windows\system32\DevIL.dll
2014-11-17 09:35 - 2014-11-17 09:35 - 00000000 ____D () E:\Programme\Pale Moon
2014-11-13 08:41 - 2014-11-13 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMake 3.1.0-rc1
2014-11-13 08:32 - 2014-11-13 08:41 - 00000000 ____D () E:\Programme\CMake
2014-11-13 08:32 - 2014-11-13 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CMake 3.0.2
2014-11-13 08:04 - 2014-11-13 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseHg
2014-11-12 09:30 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:30 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:30 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:30 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:30 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:30 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:30 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 09:30 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:30 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:30 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:30 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 09:30 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 09:30 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 09:30 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:30 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:30 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:30 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:30 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:30 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:30 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 09:30 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:30 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:30 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:30 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 09:30 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 09:30 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 09:30 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:29 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:29 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:29 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:29 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:29 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:29 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:29 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:29 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:29 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:29 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:29 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:29 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:29 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:29 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:29 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:29 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:29 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:29 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:29 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:29 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:29 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:29 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:29 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:29 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:29 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:28 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:28 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 11:33 - 2014-11-11 11:33 - 00001742 _____ () C:\Users\Entwicklung\Desktop\XML Notepad 2007.lnk
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-11-05 15:01 - 2014-11-05 15:01 - 01120752 _____ (Space Sciences Laboratory) C:\Windows\boinc.scr
2014-11-04 12:57 - 2014-11-04 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPAC
2014-11-04 07:56 - 2014-11-04 07:56 - 00000679 _____ () C:\Users\Public\Desktop\CodecVisa.lnk
2014-11-04 07:56 - 2014-11-04 07:56 - 00000000 ____D () E:\Programme\CodecVisa
2014-11-04 07:56 - 2014-11-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecVisa
2014-11-03 15:17 - 2014-11-03 15:17 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\Machete
2014-10-28 14:28 - 2014-10-28 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-10-27 15:10 - 2014-10-27 15:10 - 27231532 _____ () C:\tree3.far
2014-10-27 13:13 - 2014-10-19 18:12 - 00713216 _____ () C:\Windows\system32\xvidcore.dll
2014-10-27 13:13 - 2014-10-19 18:12 - 00251392 _____ () C:\Windows\system32\xvidvfw.dll
2014-10-27 13:13 - 2014-10-19 18:12 - 00169984 _____ () C:\Windows\system32\xvid.ax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:12 - 2014-02-10 13:12 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\TortoiseHg
2014-11-26 16:12 - 2009-07-14 05:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 16:12 - 2009-07-14 05:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 16:09 - 2012-08-03 14:43 - 01817068 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 16:05 - 2013-04-26 08:53 - 08405015 _____ () C:\Windows\TmpFile1
2014-11-26 16:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 16:04 - 2013-04-16 09:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-26 16:04 - 2010-11-21 04:47 - 00257810 _____ () C:\Windows\PFRO.log
2014-11-26 16:04 - 2009-07-14 05:51 - 00075695 _____ () C:\Windows\setupact.log
2014-11-26 16:04 - 2009-07-14 05:45 - 01353384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-26 15:45 - 2013-04-10 06:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 14:58 - 2014-04-14 08:02 - 00000000 ____D () E:\Programme\Daala
2014-11-26 13:15 - 2013-01-25 16:22 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7ED00D45-2038-4F1B-AFA7-1EF68EA8F239}
2014-11-26 12:55 - 2013-01-07 15:27 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-26 10:45 - 2013-04-10 06:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 10:45 - 2012-08-03 14:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 10:45 - 2012-08-03 14:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:34 - 2014-10-21 10:52 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\XnViewMP
2014-11-26 09:38 - 2013-01-05 11:07 - 00000000 ____D () E:\Programme\eclipse-php
2014-11-26 07:53 - 2014-09-30 16:22 - 00000000 ____D () E:\Programme\wsusoffline
2014-11-25 16:54 - 2014-04-25 09:35 - 00000600 _____ () C:\Users\Entwicklung\AppData\Roaming\winscp.rnd
2014-11-25 15:55 - 2013-01-07 12:52 - 00000334 _____ () C:\Windows\BRCALIB.INI
2014-11-25 13:46 - 2013-08-12 10:38 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\uTorrent
2014-11-25 13:19 - 2013-01-21 16:46 - 00000000 ____D () E:\Programme\WSCC
2014-11-24 11:39 - 2013-08-16 13:33 - 00000000 ____D () E:\Programme\x265
2014-11-24 09:57 - 2009-09-09 13:02 - 00000000 ____D () C:\Users\Entwicklung\Documents\Eigene PSP-Dateien
2014-11-21 13:29 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 13:29 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 13:29 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 09:34 - 2013-01-05 10:30 - 00000000 ____D () E:\Programme\Avira
2014-11-19 09:18 - 2014-04-09 09:44 - 00000000 ____D () C:\Users\PSTester\AppData\Roaming\TortoiseHg
2014-11-18 15:51 - 2013-02-11 09:16 - 00000000 ____D () E:\Programme\Spybot - Search & Destroy 2
2014-11-18 15:06 - 2014-07-09 07:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 11:30 - 2013-01-05 12:19 - 00000000 ____D () E:\Programme\MeGUI
2014-11-18 11:29 - 2013-01-29 16:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-18 11:27 - 2013-01-05 10:30 - 00000000 ____D () E:\Programme\AviSynth 2.5
2014-11-14 07:56 - 2013-01-05 14:32 - 00000000 ____D () E:\Programme\QuickTime
2014-11-14 07:56 - 2012-11-09 07:51 - 00001666 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 07:56 - 2012-11-09 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-14 07:56 - 2012-08-06 11:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-13 08:04 - 2014-05-05 12:56 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-11-13 08:04 - 2013-01-05 14:57 - 00000000 ____D () E:\Programme\TortoiseHg
2014-11-12 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:36 - 2013-07-12 06:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:31 - 2012-12-29 00:28 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 11:33 - 2009-11-17 11:09 - 00000000 ____D () E:\Programme\XML Notepad 2007
2014-11-05 07:56 - 2009-07-14 03:34 - 00453562 ____R () C:\Windows\system32\Drivers\etc\hosts.20141119-080340.backup
2014-11-04 16:14 - 2013-01-10 08:57 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\TV-Browser
2014-11-04 13:28 - 2013-01-05 14:49 - 00000000 ____D () E:\Programme\SeaMonkey
2014-11-04 13:28 - 2009-09-03 07:58 - 00001594 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-11-04 13:28 - 2009-09-03 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-11-04 13:14 - 2010-10-04 08:25 - 00000678 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk
2014-11-04 13:14 - 2010-10-04 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-11-04 13:13 - 2013-01-05 14:51 - 00000000 ____D () E:\Programme\SRWare Iron
2014-11-04 12:57 - 2012-01-20 14:09 - 00001478 _____ () C:\Users\Public\Desktop\Osmo4.lnk
2014-11-03 11:18 - 2013-01-05 12:19 - 00000000 ____D () E:\Programme\MediaInfo
2014-11-03 10:44 - 2012-01-20 15:41 - 00001834 _____ () C:\Users\Public\Desktop\Machete.lnk
2014-11-03 10:44 - 2012-01-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machete
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 09:35 - 2012-10-11 12:49 - 00000000 ____D () C:\Temp
2014-10-29 08:48 - 2013-01-28 09:37 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\PlaneShift
2014-10-29 07:39 - 2014-07-09 07:20 - 00000000 ____D () E:\Programme\Malwarebytes Anti-Malware
2014-10-28 16:19 - 2013-09-11 07:34 - 00000000 ____D () C:\Users\Entwicklung\AppData\Roaming\.minecraft
2014-10-28 14:28 - 2014-08-19 12:44 - 00001292 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-10-28 14:28 - 2014-08-19 12:43 - 00000000 ____D () E:\Programme\LibreOffice 4
2014-10-27 15:36 - 2014-07-09 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:36 - 2013-11-11 10:49 - 00000740 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 13:13 - 2011-02-24 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-10-27 13:13 - 2009-09-30 14:35 - 00000000 ____D () E:\Programme\Xvid

Files to move or delete:
====================
C:\Users\Entwicklung\en_res.dll
C:\Users\Entwicklung\es_res.dll
C:\Users\Entwicklung\fr_res.dll
C:\Users\Entwicklung\grm_res.dll
C:\Users\Entwicklung\it_res.dll
C:\Users\Entwicklung\jp_res.dll
C:\Users\Entwicklung\mfc80u.dll
C:\Users\Entwicklung\msvcr80.dll
C:\Users\Entwicklung\pt_res.dll
C:\Users\Entwicklung\ResourceReader.dll
C:\Users\Entwicklung\ru_res.dll
C:\Users\Entwicklung\zh_res.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 00:27

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014
Ran by Entwicklung at 2014-11-26 16:17:02
Running from C:\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
abrMate version 1.1 (HKLM-x32\...\abrMate_is1) (Version: 1.1 - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.4 - Adobe Systems)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version:  - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.6.8941 - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
AviSynth+ 0.1 (r1576) (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 2.6.0.5 - The Public)
BenVista PhotoZoom Pro 5.0.8 (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\PhotoZoom Pro 5) (Version: 5.0.8 - BenVista Ltd.)
BenVista PhotoZoom Pro 5.1 (HKLM-x32\...\PhotoZoom Pro 5) (Version: 5.1 - BenVista Ltd.)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Bitrate Viewer 2.3 (HKLM-x32\...\Bitrate Viewer) (Version: 2.3 - EDV & Astro Service)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
BOINC (HKLM\...\{CFA4E1F2-090A-4335-A60B-98D8EC69E841}) (Version: 7.4.27 - Space Sciences Laboratory, U.C. Berkeley)
Bridge Constructor (HKLM-x32\...\Steam App 250460) (Version:  - )
ByteScout BarCode Generator 3.30.667 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version:  - Bytescout Software)
ByteScout BarCode Reader 7.00.1109 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Reader_is1) (Version: 7.00.1109 - Bytescout Software)
cadwork (x32 Version: 19.280.0 - Cadwork Informatik) Hidden
Canon iX4000 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX4000) (Version:  - )
CMake 2.8, a cross-platform, open-source build system (HKLM-x32\...\CMake 2.8.12.2) (Version: 2.8.12.2 - Kitware)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
CMake 3.1.0-rc1, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.1.0-rc1) (Version: 3.1.0-rc1 - Kitware)
CodecVisa (HKLM-x32\...\CodecVisa_is1) (Version:  - Codecian Co. Ltd.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corel DESIGNER Technical Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Corel DESIGNER Technical Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
CorelDRAW 11 - SVG Filter Update (x32 Version: 11.714 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Designer (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Curse Client (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Das Telefonbuch Gelbe Seiten Map & Route (HKLM-x32\...\DasTelefonbuch Gelbe Seiten Map & Route) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
Deep Exploration 6 CE (HKLM-x32\...\{E903CEC4-6822-47A4-9F6C-4A93C02119A3}) (Version: 6.3 - Right Hemisphere)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Doomsday Engine 1.10.3 (HKLM-x32\...\Doomsday Engine_is1) (Version:  - deng Team)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Dynamic Auto-Painter x64 PRO version 3.2 (HKLM\...\{30994599-9734-455F-B51D-7E5E987AFA2A}_is1) (Version: 3.2 - Mediachance.com)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
English Country Tune version 1.9 (HKLM-x32\...\{9F59B1EF-4094-4C6C-87C3-17F15E6063C8}_is1) (Version: 1.9 - increpare games ltd.)
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
Far Manager 3 x64 (HKLM\...\{54AAF47E-41D8-4294-B6B8-214D7374ACFD}) (Version: 3.0.4040 - Eugene Roshal & Far Group)
ffdshow v1.3.4527 [2013-12-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4527.0 - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Focus Magic 4.01 (HKLM-x32\...\Focus Magic_is1) (Version: 4.01 - Acclaim Software Ltd)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
G-Mapper (HKLM-x32\...\{08D2435E-DC4E-464D-8C2F-606B9BC0A465}) (Version: 3.1.60 - db net solutions)
GnuWin32: sed-4.2.1 (HKLM-x32\...\sed-4.2.1_is1) (Version: 4.2.1 - GnuWin)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
GPU Caps Viewer 1.17.2 (HKLM-x32\...\{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1) (Version:  - Geeks3D.com)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Huffyuv AVI lossless video codec - MultiThread (Remove Only) (HKLM\...\HuffyuvcodecMT) (Version:  - )
HWiNFO32 Version 4.46 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.46 - Martin Malík - REALiX)
HWiNFO64 Version 4.46 (HKLM\...\HWiNFO64_is1) (Version: 4.46 - Martin Malík - REALiX)
Hybrid (remove only) (HKLM-x32\...\Hybrid) (Version: 2014.2.14.1 - Selur´s Hybrid)
Image Trends' ShineOff Plug-In 2.1.5 (HKLM-x32\...\{BEB1097E-3A87-4406-AD9D-E8E569D3FADE}) (Version: 2.1.5 - Image Trends, Inc. )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Inpaint (HKLM-x32\...\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}) (Version: 1.0.0 - Teorex)
Inpaint 6.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 9.01 Patch (HKLM-x32\...\Jasc Paint Shop Pro 9.01 Patch) (Version:  - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
LameXP v4.09 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.09 Alpha-8 [Build #1474] - LoRd_MuldeR <mulder2@gmx.de>)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Lazarus 1.0.8 (HKLM\...\Lazarus_is1) (Version: 1.0.8 - Lazarus Team)
LibreOffice 4.3 Help Pack (German) (HKLM-x32\...\{4E972CC6-84A0-4A25-B5C0-5B84229A208B}) (Version: 4.3.2.2 - The Document Foundation)
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Luxuria Superbia version 1 (HKLM-x32\...\{00BB5CA5-20CD-48D2-9E90-2E2A5BB551D8}_is1) (Version: 1 - Tale of Tales)
Machete 4.2 (HKLM-x32\...\{1799612D-556F-4D26-ABB3-3ED6BB98ECE1}) (Version: 4.2.11 - MacheteSoft)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
Microangelo Toolset 6 (x64) (HKLM\...\{CE63DE9D-2CBA-4B01-B3CF-FF06497403AD}) (Version: 6.10.70 - Impact Software)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A2E24035-9B11-4E1D-9FBC-FA7F20C16832}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works 7.0  (HKLM-x32\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
Mozilla Firefox 33.1.1 (x86 de) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
MPC-HC 1.6.7.7114 (9eb64ec) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-fd982452-341a-4982-b728-14be89eb5d76) (Version:  - Epic Games, Inc.)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nero CoverDesigner (HKLM-x32\...\{35F59E66-CAA0-4585-8DC4-037A04717FCF}) (Version: 12.0.01100 - Nero AG)
NetStress 2.0.9686.0 (HKLM-x32\...\NetStress_is1) (Version:  - Nuts About Nets, LLC)
Nettalk 6.7 (HKLM-x32\...\Nettalk_is1) (Version:  - Nicolas Kruse)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Texture Tools 2 - 64 bit (HKLM-x32\...\{65C967FA-29D8-4A5F-99C5-BC9AF1F8F9D2}) (Version: 2.0 - )
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{A5168EBB-F8E1-4B62-8805-C25684DB9E86}) (Version: 17.5.559 - O&O Software GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.14 (HKLM\...\{8DD94059-60C6-42E3-AB59-8F37445ACC79}) (Version: 4.3.14 - Oracle Corporation)
Osmo4/GPAC (remove only) (HKLM-x32\...\Osmo4) (Version:  - )
Osmo4/GPAC (remove only) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Osmo4) (Version:  - )
Pale Moon 25.1.0 (x86 en-US) (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Paragon Partition Manager 9.0 Professional (HKLM-x32\...\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}) (Version:  - Paragon Software Group)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF/X-3 Inspector (Freeware) (HKLM-x32\...\PDF/X-3 Inspector (Freeware)) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PDF-XChange Editor (HKLM-x32\...\{A261A521-AFDF-48BE-BD5D-88E71489077F}) (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
PlaneShift (HKLM-x32\...\PlaneShift 0.5.9.11) (Version: 0.5.9.11 - Atomic Blue)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Preispiraten (HKLM-x32\...\{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}) (Version: 6 - metaspinner net GmbH)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
pstoedit and importps 3.62 (HKLM\...\pstoedit and importps_is1) (Version: 3.62 - H&W Glunz)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RIFT (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\RIFT) (Version:  - Trion Worlds, Inc.)
Risen3D version 2.2.25 (HKLM-x32\...\Risen3D_is1) (Version:  - )
Ruby 1.9.3-p545 (HKU\S-1-5-21-3472902020-759341144-1792876247-1002\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SeaMonkey 2.30 (x86 de) (HKLM-x32\...\SeaMonkey 2.30 (x86 de)) (Version: 2.30 - Mozilla)
SIF1 v.1.20 (HKLM-x32\...\SIF1_is1) (Version:  - Neiromaster)
SiteMap Generator 0.975 (beta) (HKLM-x32\...\SiteMap Generator_is1) (Version:  - wonderwebware.com)
Sitemap Generator 1.0.0.0 (HKLM-x32\...\Sitemap Generator) (Version: 1.0.0.0 - DevIntelligence.com)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolidWorks eDrawings 2013 (HKLM-x32\...\{23AF214D-3360-4979-9132-5586D6E11FC5}) (Version: 13.4.107 - Dassault Systèmes SolidWorks Corp)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SRWare Iron Version SRWare Iron 38.2050.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 38.2050.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TEncoder Video Converter version 3.1 (HKLM-x32\...\{36B6CC84-FFEE-4EFE-BB9F-F23356D7F9EF}_is1) (Version: 3.1 - ozok)
The Compressonator 1.50 (HKLM\...\{5C46703D-92EE-40d9-BCF8-DEADBEEFAAAA}) (Version: 1.50 - AMD)
The Dude (HKLM-x32\...\Dude) (Version:  - )
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
TortoiseHg 3.2.0 (x64) (HKLM\...\{92A5D824-F420-43DA-8956-B8A59C799066}) (Version: 3.2.0 - Steve Borho and others)
TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV-Browser 3.4 (HKLM-x32\...\tvbrowser) (Version: 3.4 - TV-Browser Team)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 13.3.0 - UMEZAWA Takeshi)
Viewer V7 (HKLM-x32\...\Viewer V7) (Version:  - )
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhackEd2 (HKLM-x32\...\{13798206-C1C4-11D7-8CCB-CE81DE993523}}_is1) (Version:  - )
WhackEd3 (HKLM-x32\...\WhackEd3_is1) (Version: 0.9.10 beta - )
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wireshark 1.8.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.7 - The Wireshark developer community, hxxp://www.wireshark.org)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XnConvert 1.55 (HKLM\...\XnConvert_is1) (Version: 1.55 - Gougelet Pierre-e)
XnView 2.24 (HKLM-x32\...\XnView_is1) (Version: 2.24 - Gougelet Pierre-e)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.0) (Version: 1.3.3 - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZBar Bar Code Reader (HKLM-x32\...\ZBar) (Version: 0.10 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{36EE8C1C-80F5-C22F-E88C-66DFB61B5466}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> E:\Programme\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)
CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{9ca2b884-f754-4e46-aa17-f4c9667d8087}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3472902020-759341144-1792876247-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

26-11-2014 11:56:03 Installed BOINC.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 08:03 - 00453562 ____R C:\Windows\system32\Drivers\etc\hosts
192.168.0.237        fritz.box
127.0.0.1        localhost
127.0.0.1        www.carportneuheit.de
127.0.0.1        www.carportneuheiten.de
127.0.0.1        www.carport-neuheit.de
127.0.0.1        www.carport-neuheiten.de
127.0.0.1        www.holzon-carport.com
127.0.0.1        www.holzon.de
127.0.0.1        www.holzon.eu
127.0.0.1        www.holzon.com
127.0.0.1        www.holzon.net
127.0.0.1        www.holzon.biz
127.0.0.1        www.holzon.info
127.0.0.1        www.holzon.at
127.0.0.1        www.holzon.be
127.0.0.1        www.holzon.ch
127.0.0.1        www.holzon.dk
127.0.0.1        www.holzon.nl
127.0.0.1        www.ligh.de
127.0.0.1        www.terrassenueberdachung.nl
127.0.0.1        www.terrassenueberdachungen.eu
127.0.0.1        www.terrassenueberdachung-terrassenueberdachungen.de
127.0.0.1        partner.holzon.de
127.0.0.1        www.holzon-partner.de
127.0.0.1        www.holzon-katalog.de
127.0.0.1        www.produktbilder24.de
127.0.0.1        www.meisterbalkon.de
127.0.0.1        www.meister-balkon.de
127.0.0.1        www.carportbausatz24.de

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01DBD47C-A880-4BEB-9C54-1C8D1D193B11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => E:\Programme\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {04190C21-EF80-4103-BA2D-524DD6E3E2B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {14A5FCA3-5803-47A7-91FD-1E0A3AB7EA20} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => E:\Programme\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1DC6115A-A7A5-4E7E-8B45-3DB92679EBA0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1F518784-9782-4A90-B023-23C3A7F0E34B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2A827125-F7EB-436F-9D7F-3EC153768D33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4D520E83-3805-42C4-83C7-90513ABCBA30} - System32\Tasks\{9E4E8DFC-8716-4D9F-A783-BC5B0F76DEF1} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {58E0319F-885D-4DA3-8B7B-5A7C27339A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5D5EE36A-2A09-4CAC-8C74-A285C7F82C01} - System32\Tasks\{6EEBFCC4-7D18-4438-B494-9A6E2E8ED091} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {644BFEA7-0B60-4BC5-9802-BE49D58FEBE8} - System32\Tasks\{8D9A1E69-3705-494A-985E-B13E155CDFBB} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {6C47D240-BADA-4B95-A50A-C643451C0B01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => E:\Programme\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6CFFDA91-F9CC-4EB5-A2D1-70E244CA959E} - System32\Tasks\{AE7BF63D-F59E-487B-978A-9C32A21CE47F} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {A9115315-17E7-47DD-AC2B-CBC98D2B3739} - System32\Tasks\{50D2D0D6-8DAD-4EE6-92F1-6A102D36AE25} => E:\Programme\VFD\AMD64\vfdwin.exe [2008-02-06] (Ken Kato)
Task: {B5C22337-E677-4B93-BFE8-A40BC2BB808E} - System32\Tasks\{910CD6B7-1206-458E-86A0-814C683DC084} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {B5C69A7C-54FC-4F84-ADDD-D04BB7A20FED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D0550A90-674C-4D3D-856D-661D474080B5} - System32\Tasks\{162D122A-D93C-4F5F-AAD1-567E95D390C0} => e:\programme\pale moon\palemoon.exe [2014-11-17] (Moonchild Productions)
Task: {E876A5DF-F637-4FE7-978A-D76DEE655025} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-17 13:36 - 2013-10-17 16:32 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2012-07-20 19:08 - 2012-07-20 19:08 - 08186368 _____ () E:\programme\xampp\mysql\bin\mysqld.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-06-18 08:20 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 00076016 _____ () E:\Programme\TortoiseSVN\bin\TortoiseStub.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 00088816 _____ () E:\Programme\TortoiseSVN\bin\libsasl.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-05 16:11 - 2014-11-05 16:11 - 00100616 _____ () E:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () E:\Programme\TortoiseHg\win32api.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () E:\Programme\TortoiseHg\pywintypes27.dll
2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () E:\Programme\TortoiseHg\win32gui.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00027648 _____ () E:\Programme\TortoiseHg\win32pipe.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () E:\Programme\TortoiseHg\win32event.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () E:\Programme\TortoiseHg\win32file.pyd
2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () E:\Programme\TortoiseHg\win32security.pyd
2013-11-10 19:24 - 2013-11-10 19:24 - 00111616 _____ () E:\Programme\TortoiseHg\_ctypes.pyd
2014-11-05 16:07 - 2014-11-05 16:07 - 00010752 _____ () E:\Programme\TortoiseHg\mercurial.osutil.pyd
2013-11-10 19:25 - 2013-11-10 19:25 - 00474624 _____ () E:\Programme\TortoiseHg\_hashlib.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () E:\Programme\TortoiseHg\win32process.pyd
2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () E:\Programme\TortoiseHg\pythoncom27.dll
2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () E:\Programme\TortoiseHg\win32com.shell.shell.pyd
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-06-02 08:33 - 2014-06-02 08:34 - 28693504 _____ () K:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
2012-04-04 17:47 - 2012-04-04 17:47 - 00108032 _____ () E:\programme\xampp\apache\bin\pcre.dll
2012-09-17 11:05 - 2012-09-17 11:05 - 00025088 _____ () E:\Programme\xampp\php\php5apache2_4.dll
2013-02-11 09:16 - 2012-11-13 14:06 - 00108960 _____ () E:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00416160 _____ () E:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00158624 _____ () E:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-11 09:16 - 2012-08-23 09:38 - 00574840 _____ () E:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-11 09:16 - 2012-11-13 14:06 - 00528288 _____ () E:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-02-11 09:16 - 2012-11-13 14:06 - 00554400 _____ () E:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-07-27 21:51 - 2012-07-27 21:51 - 00019968 _____ () E:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3472902020-759341144-1792876247-1002\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3472902020-759341144-1792876247-500 - Administrator - Disabled) => C:\Users\Administrator
Entwicklung (S-1-5-21-3472902020-759341144-1792876247-1002 - Administrator - Enabled) => C:\Users\Entwicklung
Gast (S-1-5-21-3472902020-759341144-1792876247-501 - Limited - Enabled)
PSTester (S-1-5-21-3472902020-759341144-1792876247-1003 - Administrator - Enabled) => C:\Users\PSTester
Test (S-1-5-21-3472902020-759341144-1792876247-1004 - Limited - Enabled) => C:\Users\Test
Verwaltung (S-1-5-21-3472902020-759341144-1792876247-1000 - Administrator - Enabled) => C:\Users\Verwaltung

==================== Faulty Device Manager Devices =============

Name: J:\CR\xD7\
Description: USB  HS-xD/SM 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: J:\CR\CF7\
Description: USB  HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: J:\CR\MS7\
Description: USB  HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Y-E DATA
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 36%
Total physical RAM: 8190.12 MB
Available physical RAM: 5223.59 MB
Total Pagefile: 16380.3 MB
Available Pagefile: 13363.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (SYSTEM2) (Fixed) (Total:63.99 GB) (Free:4.22 GB) NTFS
Drive d: (SYSTEM1) (Fixed) (Total:63.99 GB) (Free:15.15 GB) NTFS
Drive e: (PROGRAMME) (Fixed) (Total:170.09 GB) (Free:18.95 GB) NTFS
Drive f: (DATEN) (Fixed) (Total:63.99 GB) (Free:4.04 GB) NTFS
Drive g: (GAMES) (Fixed) (Total:63.99 GB) (Free:13 GB) NTFS
Drive h: (PROJEKTE) (Fixed) (Total:63.99 GB) (Free:8.14 GB) NTFS
Drive i: (INTRAWEB) (Fixed) (Total:63.99 GB) (Free:4.7 GB) NTFS
Drive j: (SWAP+TEMP) (Fixed) (Total:42.1 GB) (Free:7.59 GB) NTFS
Drive k: (RESERVE) (Fixed) (Total:256 GB) (Free:25.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9DC202B2)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 9DC202B1)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234.1 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 52F896B9)
Partition 1: (Active) - (Size=256 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=42.1 GB) - (Type=05)

==================== End Of Log ============================
Die lange hosts-Datei ist Absicht: Ich habe im Netzwerk einen transparenten 3proxy, um über das Aktivieren oder Deaktivieren der Proxy-Nutzung eines Webbrowsers auf eine Domain entweder über den hosts-Eintrag auf lokalem XAMPP (Test-Inhalt) oder über Proxy im Internet (Live-Server) zuzugreifen; der Rest stammt von der Immunisierung von SB S&D.

schrauber 27.11.2014 10:38

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

LigH 05.12.2014 16:44
Weder ESET noch SecurityCheck haben etwas gefunden. Nach all den getesteten Programmen also nichts, das mit Firefox-Add-ons in Verbindung steht.

Also habe ich mal die {7d69841a-591f-4888-9150-69194354e3f7}.xpi in ein Archiv verschoben (gepackt und Original gelöscht). Seitdem habe ich bei keinem Firefox-Start noch einen Update-Versuch eines unbekannten Plugins bemerkt.

Bei virustotal.com ist so ein Add-on auch eher unbekannt; lediglich DrWeb meldet einen Verdacht auf "Adware.Shopper.504".

Mal schauen, ob ich Anti-Malware-Herstellern diese Datei als verdächtig zustellen kann.

schrauber 06.12.2014 15:59
Du hast die ZIP bei VT geprüft`? Dann ist sie schon bei den Herstellern.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19