Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Probleme mit Firefox Add-On "Download Protect 2.2.0"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 01.04.2014, 19:54   #1
Michel D.
 
Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Hallo und vielen Dank schon einmal!

Ich habe seit ein paar Wochen ein Problem mit Firefox, beziehungsweise dem "Add-on" "Download Protect 2.2.0". Ich habe keine Ahnung wo ich es mir eingefangen habe, allerdings lässt es sich nicht löschen, sondern nur deaktivieren, auch in der Firefox-config bin ich nicht fündig geworden. Nach ein paar Neustarts(konnte bisher kein Muster erkennen) ist es dann aber wieder aktiv und gleichzeitig das Add-on "No Script" deinstalliert.

Ich habe selbst schon (vermutlich eher dilettantisch) einiges versucht, habe "dlprotect.exe" aus dem Autostart genommen, "dlprotectsvc.exe" aus dem Windows/system32-Ordner gelöscht, in sämtlichen Firefox-Verzeichnissen nach dem Programm gesucht, Firefox Neu installiert, Malwarebytes und Avira einen Scan machen lassen (letzterer Ergebnislos) und auch in der Registry (dilettantisch, wie gesagt ;-) ) zwei Einträge in denen "dlprotectsvc.exe" vorkam gelöscht. Ich habe evtl. noch mehr versucht, aber an mehr kann ich mich gerade nicht erinnern. Leider alles erfolglos, weswegen ich mich jetzt an Euch wende.

Ich habe defogger laufen lassen, es gab keine Fehlermeldung.

Hier die Logfiles von FRST, GMER (MBAM und Avira kann ich ggf. nachreichen, die haben nicht mehr in den Post gepasst):

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michel (administrator) on MICHEL-PC on 31-03-2014 19:37:47
Running from C:\Users\Michel\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() C:\Windows\system32\aspnet`counters.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation)
HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe
AppInit_DLLs-x32: c:\progra~4\browse~1\23796~1.11\{16cdf~1\browse~1.dll => "c:\progra~4\browse~1\23796~1.11\{16cdf~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377766448810&tguid=66920-6787-1377766448810-28C02AC9A6CBE7076E848DA2B35C7E0D&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377766448810&tguid=66920-6787-1377766448810-28C02AC9A6CBE7076E848DA2B35C7E0D&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=116912&tt=4612_2&babsrc=SP_ss&mntrId=6a6c5b1a0000000000009439e5b5512d
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28]
FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28]
FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28]
FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{CE2E54AC-B123-497A-8CB9-46A098F416B3}] - C:\Windows\Installer\{D86E16BA-3FF7-4D63-ADC5-49891A504E1C}\{CE2E54AC-B123-497A-8CB9-46A098F416B3}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{D86E16BA-3FF7-4D63-ADC5-49891A504E1C}\{CE2E54AC-B123-497A-8CB9-46A098F416B3}.xpi [2014-03-31]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20]
CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] ()
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation)
S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation)
S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation)
S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation)
S4 NITaggerService; D:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation)
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd)
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation)
S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 19:37 - 2014-03-31 19:39 - 00021346 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-03-31 19:37 - 2014-03-31 19:37 - 00000474 _____ () C:\Users\Michel\Downloads\defogger_disable.log
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-03-31 19:34 - 2014-03-31 19:34 - 02157056 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe
2014-03-31 19:34 - 2014-03-31 19:34 - 00380416 _____ () C:\Users\Michel\Downloads\Gmer-19357.exe
2014-03-31 19:33 - 2014-03-31 19:33 - 00050477 _____ () C:\Users\Michel\Downloads\Defogger.exe
2014-03-31 18:38 - 2014-03-31 18:38 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 21:44 - 2014-03-31 19:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-26 18:33 - 2014-03-31 18:39 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 12:19 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt

==================== One Month Modified Files and Folders =======

2014-03-31 19:39 - 2014-03-31 19:37 - 00021346 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-03-31 19:37 - 2014-03-31 19:37 - 00000474 _____ () C:\Users\Michel\Downloads\defogger_disable.log
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () C:\Users\Michel
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-03-31 19:35 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 19:34 - 2014-03-31 19:34 - 02157056 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe
2014-03-31 19:34 - 2014-03-31 19:34 - 00380416 _____ () C:\Users\Michel\Downloads\Gmer-19357.exe
2014-03-31 19:33 - 2014-03-31 19:33 - 00050477 _____ () C:\Users\Michel\Downloads\Defogger.exe
2014-03-31 18:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 18:45 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 18:45 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 18:41 - 2011-12-31 02:00 - 01365017 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 18:41 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 18:41 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 18:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 18:39 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 18:38 - 2014-03-31 18:38 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-31 18:37 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-31 18:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 18:37 - 2009-07-14 06:51 - 00167976 _____ () C:\Windows\setupact.log
2014-03-31 15:41 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox
2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium
2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel
2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 23:24 - 2012-06-08 12:22 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\DesktopIconForAmazon
2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 19:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 13:00 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET
2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte
2014-03-28 00:30 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 18:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 17:02 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni
2014-03-25 17:00 - 2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch
2014-03-25 13:39 - 2013-04-23 18:20 - 00004828 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui
2014-03-25 13:15 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s
2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr
2014-03-24 01:51 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc
2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn
2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:05 - 2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder
2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc
2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt
2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 08:05 - 2014-03-18 12:18 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-18 12:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-18 12:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-18 12:19 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-18 12:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-18 12:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-18 12:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-18 12:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-18 12:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-18 12:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-18 12:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-18 12:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-18 12:19 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-18 12:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-18 12:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-18 12:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-18 12:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-18 12:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-18 12:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-18 12:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-18 12:19 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-18 12:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-18 12:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-18 12:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-18 12:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-18 12:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-18 12:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-18 12:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-18 12:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-18 12:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-18 12:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-18 12:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-18 12:19 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-18 12:19 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-18 12:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-18 12:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-18 12:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-18 12:19 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-18 12:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-18 12:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe
C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe
C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 11:27

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michel at 2014-03-31 19:40:33
Running from C:\Users\Michel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio Darkroom 2 (HKLM-x32\...\{40DA94AF-34B7-4BA7-A37F-26F899C031FF}) (Version: 2.0.0.174 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Autostart-Manager (HKLM-x32\...\{0C6DA7D3-EA2A-428B-8F8A-28EB811F57B2}) (Version: 6.01.0000 - Wirth IT Design )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre (HKLM-x32\...\{1733BD75-088D-40E1-96B4-BAE75F559961}) (Version: 0.9.27 - Kovid Goyal)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy2Convert GIF to PNG 1.4 (HKLM-x32\...\{90AFB3B8-13CD-44F1-BB0E-A22ADC5566F7}_is1) (Version: 1.4 - Easy2Convert Software)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Erweiterte DSC-Deployment-Unterstützung für LabVIEW 2011 SP1 (x32 Version: 11.0.412.0 - National Instruments) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
eXPert PDF 5 (HKLM-x32\...\{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}) (Version: 5.1.170.0 - Visage Software)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Free Pascal 2.4.4 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
Free YouTube Download version 3.2.18.1128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FreeFileSync 6.3 (HKLM-x32\...\FreeFileSync) (Version: 6.3 - Zenju)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Gwyddion (HKLM\...\Gwyddion) (Version: 2.34.win64 - Gwyddion developers)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
ICQ 7.7 Build #6547 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version:  - murb.com)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JPG to PDF Converter 1.0 (HKLM-x32\...\JPG to PDF Converter) (Version: 1.0 - )
LibreOffice 4.0.4.2 (HKLM-x32\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: 4.0.4.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mathematica Extras 9.0 (3824406) (HKLM\...\A-WIN-Extras 9.0.0 3824406_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments - Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI AFW UI Assemblies (x32 Version: 7.2.8.0 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 7.5.126.0 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 7.5.127.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW 2011 Support (x32 Version: 7.5.69.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2009 (64-bit) (Version: 7.5.35.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2009 (x32 Version: 7.5.35.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2010 (64-bit) (Version: 7.5.40.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2010 (x32 Version: 7.5.39.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2011 (64-bit) (Version: 7.5.59.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2011 (x32 Version: 7.5.69.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 8.6 (x32 Version: 7.5.35.0 - National Instruments) Hidden
NI Authentication 2011 SP1 (64-bit) (Version: 2.0.296.0 - National Instruments) Hidden
NI Authentication 2011 SP1 (x32 Version: 2.0.296.0 - National Instruments) Hidden
NI BIOS Updater (x32 Version: 8.0.390.0 - National Instruments) Hidden
NI Calibration Provider for MAX 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden
NI Calibration Provider Help for 64 Bit Windows (Version: 5.00.49152 - National Instruments) Hidden
NI Certificates Deployment Support (x32 Version: 1.02.49152 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI CompactRIO 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden
NI CompactRIO 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49154 - National Instruments) Hidden
NI CompactRIO LabVIEW 2009 Module Support (x32 Version: 3.5.10004 - National Instruments) Hidden
NI CompactRIO LabVIEW 8.6 Module Support (x32 Version: 3.3.00089 - National Instruments) Hidden
NI CompactRIO MAX Provider 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden
NI CompactRIO Module Config API Runtime 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden
NI CompactRIO Module Support for LabVIEW 2010 SP1 (x32 Version: 3.6.1020.0 - National Instruments) Hidden
NI Curl 1.5 (64-bit) (Version: 1.1.290.0 - National Instruments) Hidden
NI Curl 11.5 (x32 Version: 1.1.290.0 - National Instruments) Hidden
NI CVS-1450 Series Remote Provider (x32 Version: 9.1.5.0 - National Instruments) Hidden
NI DAQ Assistant 2.0.0 (x32 Version: 2.00.49152 - National Instruments) Hidden
NI DAQ Assistant 64-bit 2.0.0 (Version: 2.00.49152 - National Instruments) Hidden
NI DataSocket 4.9.1 (64 Bit) (Version: 4.9.218.0 - National Instruments) Hidden
NI DataSocket 4.9.1 (x32 Version: 4.9.230.0 - National Instruments) Hidden
NI DECoM 4.0 Driver for Real-Time Embedded Targets (x32 Version: 4.00.49153 - National Instruments) Hidden
NI DN 2.0 SP1 installer (x32 Version: 2.11.49152 - National Instruments) Hidden
NI Error Reporting 2011 SP1 (x32 Version: 11.0.191.0 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.0.408 - National Instruments) Hidden
NI EVS-1460 Series Remote Provider (x32 Version: 9.2.5.0 - National Instruments) Hidden
NI Example Finder 11.0 (x32 Version: 11.0.309.0 - National Instruments) Hidden
NI FieldPoint Host 6.0.10 (x32 Version: 6.0.10025.0 - National Instruments) Hidden
NI FieldPoint MAX Provider 6.0.10 (x32 Version: 6.0.10025.0 - National Instruments) Hidden
NI FlexRIO 2.2 (x32 Version: 2.20.49154 - National Instruments) Hidden
NI FlexRIO 2.2 for LabVIEW Real-Time (x32 Version: 2.20.49152 - National Instruments) Hidden
NI FlexRIO Adapter Module Support 2.2.1 (x32 Version: 2.2.57.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support for NI-RIO 2009 (x32 Version: 2.2.56.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support for NI-RIO 8.6 (x32 Version: 2.2.56.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2009 Analog Examples (x32 Version: 2.2.53.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2009 Digital Examples (x32 Version: 2.2.55.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2009 Support (x32 Version: 2.2.57.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2010 Analog Examples (x32 Version: 2.2.55.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2010 Digital Examples (x32 Version: 2.2.56.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2010 Support (x32 Version: 2.2.56.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Analog Examples (x32 Version: 2.2.40.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Digital Examples (x32 Version: 2.2.40.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Support (x32 Version: 2.2.40.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Analog Examples (x32 Version: 2.2.55.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Digital Examples (x32 Version: 2.2.56.0 - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Support (x32 Version: 2.2.57.0 - National Instruments) Hidden
NI FlexRIO LabVIEW 2009 Support (x32 Version: 1.5.00235 - National Instruments) Hidden
NI FlexRIO LabVIEW 2010 Support (x32 Version: 1.6.00211 - National Instruments) Hidden
NI FlexRIO LabVIEW 2011 Support (x32 Version: 2.20.49154 - National Instruments) Hidden
NI FlexRIO LabVIEW 8.6 Support (x32 Version: 1.3.00089 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2009 (x32 Version: 3.3.00089 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2010 SP1 (x32 Version: 3.6.00211 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 8.6 (x32 Version: 3.1.00102 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 11.0.0 (x32 Version: 11.0.22.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 11.0.0 (Version: 11.0.22.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
NI I/O Trace API LV2010 (x32 Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV201064 (Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV2011 (x32 Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV201164 (Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV86 (x32 Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV90 (x32 Version: 3.0.36.0 - National Instruments) Hidden
NI I/O Trace API LV9064 (Version: 3.0.36.0 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2011 32-bit (x32 Version: 1.0.13.0 - National Instruments) Hidden
NI IVI Class Driver CVI Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2009 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2009 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2010 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2010 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2011 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2011 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 8.6 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Drivers (64-bit) (Version: 6.40.49155 - National Instruments) Hidden
NI IVI Class Drivers (x32 Version: 6.40.49155 - National Instruments) Hidden
NI IVI Class Simulation Drivers (64-bit) (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Simulation Drivers (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI COM Adapters (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Compliance Package 4.4 (64-bit) (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Compliance Package 4.4 (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Engine (64-bit) (Version: 134.40.49155 - National Instruments) Hidden
NI IVI Engine (x32 Version: 134.40.49155 - National Instruments) Hidden
NI IVI Online Help (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Provider for MAX (x32 Version: 5.50.49155 - National Instruments) Hidden
NI LabVIEW 2009 Integer Math and Analysis (x32 Version: 9.0.137.0 - National Instruments) Hidden
NI LabVIEW 2009 Real-Time MSVS71 Support (x32 Version: 9.0.188.0 - National Instruments) Hidden
NI LabVIEW 2009 SP1 FPGA Elemental IO Common (x32 Version: 9.0.144.0 - National Instruments) Hidden
NI LabVIEW 2009 SP1 FPGA Support for Host Communication (x32 Version: 9.0.143.0 - National Instruments) Hidden
NI LabVIEW 2009 SP1 Run-Time Engine Web Services (x32 Version: 9.0.234.0 - National Instruments) Hidden
NI LabVIEW 2010 Real-Time NBFifo (x32 Version: 10.0.214.0 - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Elemental IO Common (x32 Version: 10.0.205.0 - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Support for Host Analysis (x32 Version: 10.0.132.0 - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Support for Host Communication (x32 Version: 10.0.213.0 - National Instruments) Hidden
NI LabVIEW 2010 SP1 Integer Math and Analysis (x32 Version: 10.0.207.0 - National Instruments) Hidden
NI LabVIEW 2011 Deployment Framework (x32 Version: 11.0.64.0 - National Instruments) Hidden
NI LabVIEW 2011 FPGA Realtime Support (x32 Version: 11.0.225.0 - National Instruments) Hidden
NI LabVIEW 2011 MeasAppChm File (x32 Version: 11.0.303.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time Error Dialog (x32 Version: 11.0.296.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time LabVIEW (x32 Version: 11.0.249.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time Pharlap Base (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time VxWorks Base (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time VxWorks LabVIEW (x32 Version: 11.0.205.0 - National Instruments) Hidden
NI LabVIEW 2011 Search (x32 Version: 11.0.36.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 (x32 Version: 11.0.113.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 (x32 Version: 11.0.411.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Deployable License (x32 Version: 11.0.399.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Elemental IO Common (x32 Version: 11.0.154.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Elemental IO Common (x32 Version: 11.0.318.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Analysis (x32 Version: 11.0.153.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Analysis (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Communication (x32 Version: 11.0.156.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Communication (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Help (x32 Version: 11.0.141.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Help File (x32 Version: 11.0.388.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Integer Math and Analysis (x32 Version: 11.0.154.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Integer Math and Analysis (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 License (x32 Version: 11.0.396.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Manuals (x32 Version: 11.0.139.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Pharlap Base (x32 Version: 11.1.79.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for cRIO (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for Desktop (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for FieldPoint (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for IMAQ (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for PXI (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time VxWorks Base (x32 Version: 11.1.80.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Simulation (x32 Version: 11.0.397.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Web Server (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Web Services Runtime (x32 Version: 11.0.381.0 - National Instruments) Hidden
NI LabVIEW 2011 VIPM Helper (x32 Version: 11.0.114.0 - National Instruments) Hidden
NI LabVIEW 7.1.1 Real-Time Update (x32 Version: 7.1.2 - National Instruments) Hidden
NI LabVIEW 8.6 FPGA Elemental I_O Common (x32 Version: 8.6.159.0 - National Instruments) Hidden
NI LabVIEW 8.6 Real-Time LabVIEW (x32 Version: 8.6.80.0 - National Instruments) Hidden
NI LabVIEW 8.6 Real-Time Pharlap Base (x32 Version: 8.6.73.0 - National Instruments) Hidden
NI LabVIEW 8.6.1 FPGA Support for Host Communication (x32 Version: 8.6.197.0 - National Instruments) Hidden
NI LabVIEW 8.6.1 Integer Math and Analysis (x32 Version: 8.6.199.0 - National Instruments) Hidden
NI LabVIEW 8.6.1 Real-Time Support for Industrial Controllers (x32 Version: 8.6.3.0 - National Instruments) Hidden
NI LabVIEW 8.6.1f1 Real-Time Pharlap LabVIEW (x32 Version: 8.6.94.0 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 11.0.0 (x32 Version: 11.0.54.0 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 11.0.0 (x32 Version: 11.0.359.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.319.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.1089.0 - National Instruments) Hidden
NI LabVIEW Runtime Engine 2010 SP1 (x32 Version: 10.1.114.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.442.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.160.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (x32 Version: 10.1.115.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.443.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 10.0.235.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 Code Generator (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LibiConv 2011 (x32 Version: 11.0.173.0 - National Instruments) Hidden
NI LibiConv 2011 SP1 (x32 Version: 11.1.56.0 - National Instruments) Hidden
NI License Manager (x32 Version: 3.6.85 - National Instruments) Hidden
NI Logos 5.3.0 (x32 Version: 5.3.223.0 - National Instruments) Hidden
NI Logos LabVIEW 2011 SP1 Support (x32 Version: 11.0.139.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.3.222.0 - National Instruments) Hidden
NI Logos64 5.3.0 (Version: 5.3.223.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.3.222.0 - National Instruments) Hidden
NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.15.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.25.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden
NI MAX CVI Support 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI MAX CVI Support Help for 64 Bit Windows (Version: 5.10.49152 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.1 (Version: 5.10.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.1 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 5.10.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.0.408 - National Instruments) Hidden
NI mDNS Responder 1.6 for Windows 64-bit (Version: 1.60.49155 - National Instruments) Hidden
NI mDNS Responder 1.6.0 (x32 Version: 1.60.49155 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Measurement Studio 8.6 Enterprise RunTime for VS2005 (x32 Version: 8.6.10466 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies (x64) for .NET 3.5 (Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies for .NET 2.0 (x32 Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies for .NET 3.5 (x32 Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1 (x32 Version: 8.1.20417 - National Instruments) Hidden
NI Measurement Studio GPIB Support for VS2005 (x32 Version: 9.0.00157 - National Instruments) Hidden
NI Measurement Studio GPIB Support for VS2008 (x32 Version: 9.0.00157 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2003 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2005 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2008 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.0.408 - National Instruments) Hidden
NI Microsoft Silverlight Wrapper (x32 Version: 4.0.307 - National Instruments) Hidden
NI MXS 5.0.0 (x32 Version: 5.00.49153 - National Instruments) Hidden
NI MXS 5.0.0 for 64 Bit Windows (Version: 5.00.49153 - National Instruments) Hidden
NI Network Discovery 5.1 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Network Discovery 5.1 for LabVIEW Real-Time (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Network Discovery 5.1 for Windows 64-bit (Version: 5.10.49152 - National Instruments) Hidden
NI Network Variable Engine for LabVIEW Real-Time (x32 Version: 8.6.21.0 - National Instruments) Hidden
NI OPC Support (x32 Version: 11.0.294.0 - National Instruments) Hidden
NI Portable Configuration 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.0.0 (Version: 5.00.49152 - National Instruments) Hidden
NI PXI Hardware 64-bit Support 2.6.2 (Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Configuration Support (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Expert (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Expert for LabVIEW Real-Time (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 for LabVIEW Real-Time (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI SystemAPI Expert 2.6.2 (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI SystemAPI Expert 64-bit 2.6.2 (Version: 2.62.49152 - National Instruments) Hidden
NI R Series 4.1 (x32 Version: 4.10.49154 - National Instruments) Hidden
NI R Series 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI R Series LabVIEW 2009 Support (x32 Version: 3.3.00089 - National Instruments) Hidden
NI R Series LabVIEW 2010 Support (x32 Version: 3.6.01031 - National Instruments) Hidden
NI R Series LabVIEW 2011 Support (x32 Version: 4.10.49154 - National Instruments) Hidden
NI R Series LabVIEW 8.6 Support (x32 Version: 3.1.00102 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.3.87.0 - National Instruments) Hidden
NI Remote Provider for MAX 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: 11.0.28.0 - National Instruments) Hidden
NI Severra Smart Camera support for LV2010 (x32 Version: 11.10.8.0 - National Instruments) Hidden
NI Software Provider for MAX 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden
NI SSL LabVIEW 2011 SP1 Support (x32 Version: 11.0.351.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 11.0.75.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 11.0.295.0 - National Instruments) Hidden
NI System API Client for WIF 5.1.0 (x32 Version: 5.10.25.0 - National Instruments) Hidden
NI System API Web-Servce 32-bit 5.0.0 (x32 Version: 5.0.310.0 - National Instruments) Hidden
NI System API Windows 32-bit 5.1.0 (x32 Version: 5.10.24.0 - National Instruments) Hidden
NI System API Windows 64-bit 5.1.0 (Version: 5.10.24.0 - National Instruments) Hidden
NI System Configuration Runtime 5.1.0 for Windows 64-bit (Version: 5.10.35.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 11.0.306.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 11.0.306.0 - National Instruments) Hidden
NI System Web Server 11.5 (x32 Version: 11.0.288.0 - National Instruments) Hidden
NI System Web Server Base 11.5 (64-bit) (Version: 2.0.291.0 - National Instruments) Hidden
NI System Web Server Base 11.5 (x32 Version: 2.0.291.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.3 (x32 Version: 3.3.35.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.3 64-bit (Version: 3.3.28.0 - National Instruments) Hidden
NI TDMS (64-bit) (Version: 2.3.175.0 - National Instruments) Hidden
NI TDMS (x32 Version: 2.3.175.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 11.0.213.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 11.0.213.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.0.408 - National Instruments) Hidden
NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011 SP1 (x32 Version: 11.0.299.0 - National Instruments) Hidden
NI USI 1.9.1 (x32 Version: 1.9.14681 - National Instruments) Hidden
NI USI 1.9.1 64-Bit (Version: 1.9.14681 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.5.291.0 - National Instruments) Hidden
NI Variable Engine 2.5.1 (x32 Version: 2.5.296.0 - National Instruments) Hidden
NI Variable Engine LabVIEW 2011 SP1 Support (x32 Version: 11.0.139.0 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.04.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.04.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.301 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.301 - National Instruments) Hidden
NI Web Application Server 11.5 (64-bit) (Version: 1.1.343.0 - National Instruments) Hidden
NI Web Application Server 11.5 (x32 Version: 2.0.286.0 - National Instruments) Hidden
NI Web Interface Framework 11.5 (x32 Version: 2.0.288.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 (x32 Version: 1.12.18.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2009 (64-bit) Support (Version: 1.12.17.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2009 Support (x32 Version: 1.12.17.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2010 (64-bit) Support (Version: 1.12.16.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2010 Support (x32 Version: 1.12.17.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2011 (64-bit) Support (Version: 1.12.16.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2011 Support (x32 Version: 1.12.16.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 8.6 Support (x32 Version: 1.12.17.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW API Core (x32 Version: 1.12.17.0 - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW Real-Time Support (x32 Version: 1.12.16.0 - National Instruments) Hidden
NI-CAN Driver Files (x32 Version: 2.7.15360 - National Instruments) Hidden
NI-CAN Driver Files 64-bit (Version: 2.7.15360 - National Instruments) Hidden
NI-DAQmx Switch Core 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI-DAQmx Switch Core for 64 Bit Windows 2.2.0 (Version: 2.20.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 1.9.5 (x32 Version: 1.95.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5 (Version: 1.95.49152 - National Instruments) Hidden
NI-DNET 1.6.6 (x32 Version: 1.6.27649 - National Instruments) Hidden
NI-DSM 2011 SP1 (x32 Version: 11.0.344.0 - National Instruments) Hidden
NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
NI-RIO 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 4.1 FPGA Driver (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 951x 2.0 for LabVIEW Real-Time (x32 Version: 2.00.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2009 (x32 Version: 3.5.00235 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2010 (x32 Version: 3.6.01029 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 8.6 (x32 Version: 3.1.00214 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2009 (x32 Version: 3.3.00089 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2010 (x32 Version: 3.6.00213 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 8.5 (x32 Version: 2.4.00126 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 8.6 (x32 Version: 3.1.00214 - National Instruments) Hidden
NI-RIO Mite 4.1 (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Mite 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Mite 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Scan Interface 1.1.4 for Real-Time Embedded Targets (x32 Version: 1.14.49153 - National Instruments) Hidden
NI-RIO Scan Interface 1.4.2 for Real-Time Embedded Targets (x32 Version: 1.42.49153 - National Instruments) Hidden
NI-RIO Scan Interface 1.6.1.1 for Real-Time Embedded Targets (x32 Version: 1.61.49253 - National Instruments) Hidden
NI-RIO Scan Interface 2.0.1 for Real-Time Embedded Targets (x32 Version: 2.00.53000 - National Instruments) Hidden
NI-RIO Utilities 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RPC 4.2.2f0 (x32 Version: 4.22.49152 - National Instruments) Hidden
NI-RPC 4.2.2f0 for 64 Bit Windows (Version: 4.22.49152 - National Instruments) Hidden
NI-RPC 4.2.2f0 for Phar Lap ETS (x32 Version: 4.22.49152 - National Instruments) Hidden
NI-Serial 3.8.1 (x32 Version: 3.81.49153 - National Instruments) Hidden
NI-Serial 3.8.1 64-bit driver (Version: 3.81.49153 - National Instruments) Hidden
NI-Update-Dienst 2.0 (x32 Version: 2.1.30.0 - National Instruments) Hidden
NI-VISA 5.1.0 for LabVIEW Real-Time (x32 Version: 5.10.49152 - National Instruments) Hidden
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Origin86 (HKLM-x32\...\{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}) (Version: 8.60.00 - OriginLab Corporation)
Origin86 (x32 Version: 8.60.00 - OriginLab) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF24 Creator 5.0.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rampant Logic Postscript Viewer version 1.2 (HKLM-x32\...\{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1) (Version: 1.2 - Rampant Logic, LLC)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Reset NI Config 5.0.0 (x32 Version: 5.0.146.0 - National Instruments) Hidden
Runtime für den NI-Systemkonfigurator 5.1.0 (x32 Version: 5.10.35.0 - National Instruments) Hidden
SecureW2 Personal Client - Distribution Edition 2.0.6 for Windows (HKLM-x32\...\SecureW2 Personal Client - Distribution Edition) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{0D994CC5-819F-4657-84DD-397B8FE1EA80}) (Version:  - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}) (Version:  - )
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer 2012 (HKCU\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Trust USB Audio (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
Unknown Device Identifier 7.00 (HKLM-x32\...\Unknown Device Identifier_is1) (Version:  - Huntersoft)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WIF Core Dependencies Windows 5.1.0 (x32 Version: 5.10.14.0 - National Instruments) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988) (HKLM\...\M-WIN-G 8.0.1 2063988_is1) (Version: 8.0.1 - Wolfram Research, Inc.)
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3868239) (HKLM\...\M-WIN-L 9.0.0 3868239_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Restore Points  =========================

18-03-2014 13:21:08 Geplanter Prüfpunkt
18-03-2014 19:02:55 Windows Update
28-03-2014 10:09:59 Geplanter Prüfpunkt
30-03-2014 21:12:55 Free Pdf Perfect Prereq
30-03-2014 21:31:23 Removed Quake Live Mozilla Plugin

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {237FEE4F-16D5-40E0-9FC1-D750F91BCBB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000Core => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {2A001984-B12D-4EFD-BFF9-C94B5815176A} - System32\Tasks\{8C5CCD90-B44D-4F03-B92F-2A1C7D543B4F} => D:\Program Files (x86)\Steam\SteamApps\common\swkotor\swconfig.exe [2012-02-01] ()
Task: {7BB1BF6F-DF82-400D-8855-0467EAECFD7C} - System32\Tasks\{E85643FE-48D1-4793-9109-C8A776618E1A} => D:\Program Files (x86)\Steam\SteamApps\common\swkotor\swconfig.exe [2012-02-01] ()
Task: {86788C98-03BA-4F30-8507-B3E84C281991} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {99542CCB-F90C-402C-9446-B98843D10F49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC589345-7497-46B4-839F-06C854FE3B75} - System32\Tasks\{C671A1F0-FA55-4276-A1FC-1DB27A88BF4B} => C:\Users\Michel\Desktop\Installer\SecureW2_Personal_Client_206_UniGi_20091021.exe
Task: {C37D8FCD-8B56-4842-9130-3DEC2319D0DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000UA => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {C3FCCED8-653C-4A46-AC64-F0B65BD27F8B} - System32\Tasks\{D72130C0-DF13-48FE-94C4-9B7CD362FB36} => D:\Program Files (x86)\Steam\Steam.exe [2012-08-25] (Valve Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000Core.job => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000UA.job => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-17 18:19 - 2014-01-17 18:19 - 00118784 _____ () C:\Windows\system32\aspnet`counters.exe
2012-11-19 19:49 - 2011-04-25 21:16 - 00515584 ____N () C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe
2012-11-19 19:49 - 2011-05-05 22:15 - 00553472 ____N () C:\Program Files\2.4G Ergo Laser Device\UI\xManager\xTools.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe
2012-12-17 18:07 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-13 15:54 - 2014-02-13 15:54 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-12-31 02:27 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libglesv2.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libegl.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\ffmpegsumo.dll
2014-03-18 14:42 - 2014-03-18 14:42 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-28 13:10 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 06:39:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 01:16:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 09:26:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:36:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:31:23 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {69c0c1cd-e986-4479-8446-c2721cb0c88c}

Error: (03/30/2014 11:12:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {891ec023-d96d-4ab3-a006-dc4aaf4dabe3}

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert. 

 Details - Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


System errors:
=============
Error: (03/31/2014 06:38:54 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 06:37:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/31/2014 01:16:17 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 01:15:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/31/2014 09:26:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 09:25:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/30/2014 11:36:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/30/2014 11:35:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/30/2014 10:54:45 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen: 
%%299

Error: (03/30/2014 10:53:22 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/31/2014 06:39:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 01:16:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 09:26:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:36:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:31:23 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {69c0c1cd-e986-4479-8446-c2721cb0c88c}

Error: (03/30/2014 11:12:55 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {891ec023-d96d-4ab3-a006-dc4aaf4dabe3}

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC)
Description: Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC)
Description: 

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC)
Description: 

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


CodeIntegrity Errors:
===================================
  Date: 2011-12-31 17:40:02.993
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:40:02.993
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:40:02.913
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:40:02.913
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:39.419
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:39.409
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:39.289
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:39.279
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:28.577
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-31 17:39:28.567
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 4077.86 MB
Available physical RAM: 1618.39 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 5260.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:71.67 GB) NTFS
Drive d: () (Fixed) (Total:256.34 GB) (Free:53.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8C2078A1)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=256 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-01 20:28:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Michel\AppData\Local\Temp\uwdiypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666                                                                   fffff800033af08a 7 bytes [00, 00, 00, 00, 00, 00, 03]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674                                                                   fffff800033af092 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000768a1465 2 bytes [8A, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768a14bb 2 bytes [8A, 76]
.text     ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [1736:1740]                                                                                            000000000108d1f6
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:1780]                                                                                            00000000721f8c90
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:2496]                                                                                            000000006fc78960
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:2436]                                                                                            000000006fc78960
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:2228]                                                                                            000000006fc78960
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:2224]                                                                                            000000006fc74090
Thread    C:\Windows\SysWOW64\ntdll.dll [1736:692]                                                                                             000000007261e2cb
Thread    C:\Windows\SysWOW64\ntdll.dll [580:2680]                                                                                             00000000011553d3
Thread    C:\Windows\SysWOW64\ntdll.dll [580:3596]                                                                                             00000000732fb89c
Thread    C:\Windows\SysWOW64\ntdll.dll [580:3600]                                                                                             00000000732fbaf3
Thread    C:\Windows\SysWOW64\ntdll.dll [580:3604]                                                                                             00000000732fb3c2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5b5512e                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5b5512e@40a6d90ba5af                                             0x10 0x32 0x98 0x57 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5b5512e (not active ControlSet)                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5b5512e@40a6d90ba5af                                                 0x10 0x32 0x98 0x57 ...

---- EOF - GMER 2.1 ----
         

Alt 02.04.2014, 07:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 02.04.2014, 15:33   #3
Michel D.
 
Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Hi, vielen Dank für deine Hilfe, hier die Logfiles:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Michel at 2014-04-02 15:37:27 Run:1
Running from C:\Users\Michel\Desktop\help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.04.2014
Suchlauf-Zeit: 16:14:40
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.02.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342826
Verstrichene Zeit: 29 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 02/04/2014 um 16:19:35
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michel - MICHEL-PC
# Gestartet von : C:\Users\Michel\Desktop\help\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Michel\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\Michel\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Michel\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\user.js
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5d57d88ab16eed10
Schlüssel Gelöscht : HKLM\SOFTWARE\5d57d88ab16eed10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");

-\\ Google Chrome v

[ Datei : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [13997 octets] - [02/04/2014 16:17:12]
AdwCleaner[S0].txt - [12594 octets] - [02/04/2014 16:19:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12655 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Michel on 02.04.2014 at 16:23:57,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2257517358-2513234212-1466731007-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Michel\AppData\Roaming\mozilla\firefox\profiles\m50yugco.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2014 at 16:28:19,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michel (administrator) on MICHEL-PC on 02-04-2014 16:29:25
Running from C:\Users\Michel\Desktop\help
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() C:\Windows\system32\aspnet`counters.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation)
HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28]
FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28]
FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28]
FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{9942E1EE-D102-4E37-812F-1AF320DCE933}] - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi [2014-04-02]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20]
CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] ()
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation)
S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation)
S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation)
S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation)
S4 NITaggerService; D:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation)
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd)
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation)
S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 16:28 - 2014-04-02 16:28 - 00001077 _____ () C:\Users\Michel\Desktop\JRT.txt
2014-04-02 16:28 - 2014-04-02 16:28 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 16:17 - 2014-04-02 16:19 - 00000000 ____D () C:\AdwCleaner
2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log
2014-03-31 19:37 - 2014-04-02 16:29 - 00000000 ____D () C:\FRST
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:36 - 2014-04-02 16:29 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 21:44 - 2014-04-02 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-26 18:33 - 2014-04-02 15:40 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 12:19 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt

==================== One Month Modified Files and Folders =======

2014-04-02 16:29 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST
2014-04-02 16:29 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-04-02 16:28 - 2014-04-02 16:28 - 00001077 _____ () C:\Users\Michel\Desktop\JRT.txt
2014-04-02 16:28 - 2014-04-02 16:28 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-02 16:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder
2014-04-02 16:28 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-02 16:28 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-02 16:28 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 16:28 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 16:28 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 16:20 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-02 16:20 - 2011-12-31 02:00 - 01409740 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 16:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 16:20 - 2009-07-14 06:51 - 00168424 _____ () C:\Windows\setupact.log
2014-04-02 16:19 - 2014-04-02 16:17 - 00000000 ____D () C:\AdwCleaner
2014-04-02 15:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 15:44 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 15:40 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-04-02 15:40 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log
2014-04-01 20:16 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-04-01 15:42 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox
2014-04-01 15:42 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni
2014-03-31 19:59 - 2014-02-11 13:23 - 00001165 _____ () C:\Users\Michel\Desktop\Neues Textdokument.txt
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () C:\Users\Michel
2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium
2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel
2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 13:00 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET
2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte
2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 17:00 - 2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch
2014-03-25 13:39 - 2013-04-23 18:20 - 00004828 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui
2014-03-25 13:15 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s
2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr
2014-03-24 01:51 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc
2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn
2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:05 - 2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder
2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc
2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt
2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe
C:\Users\Michel\AppData\Local\Temp\Quarantine.exe
C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe
C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 11:27

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 03.04.2014, 10:42   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.04.2014, 09:55   #5
Michel D.
 
Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Hey ein kleines Problem: Hab den ESET-Scanner beim ersten mal abbrechen müssen, weil mir die Zeit ausgegangen ist. Anscheinend hat er aber nur die Logdatei vom ersten run gespeichert. Ich habe mal das log zu den Dateien die er beim zweiten Mal gefunden hat gespeichert. Das waren allerdings allesamt Kopien(außer die Datei wurde irgendwie überschrieben) eines kleinen Pascal-Programms, dass testet ob die Zahlen von 1-2000 abundant, vollkommen oder defizient sind. Musste ich im Rahmen meines Studiums selbst schreiben.

Nun also die Frage, soll ich das Programm nochmal laufen lassen wegen des Logs?

Das Addon "Download Protect 2.2.0" wird immer noch in der Liste der Add-ons bei Firefox angezeigt, hat sich aber bisher noch nicht wieder selbst aktiviert. Müsste mal ein paar Tage abwarten, um definitiv sagen zu könne ob das Problem gelöst ist oder nicht, da das ganze ist wie gesagt immer in unregelmäßigen Abständen passiert.

ESET log
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aa36766c210eee4b91728742d31debd7
# engine=17736
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-03 10:43:51
# local_time=2014-04-03 12:43:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10589 261945121 3359 0
# compatibility_mode=5893 16776574 100 94 22985033 148151681 0 0
# scanned=66889
# found=0
# cleaned=0
# scan_time=1406
         
die gefundenen Dateien:
Code:
ATTFilter
C:\Users\Michel\Desktop\Uni\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
D:\Dropbox\Uni Physik\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
D:\Uni Physik\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
G:\Uni Physik\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
J:\$RECYCLE.BIN\S-1-5-21-2257517358-2513234212-1466731007-1000\$RFM9ETP\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
J:\Sync\Uni Physik\Archiv\WS 11-12\i386-win32\test.exe	probably unknown NewHeur_PE virus	deleted - quarantined
         
SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java(TM) 6 Update 33  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Mozilla Thunderbird (24.4.0) 
 Google Chrome 18.0.1025.162  
 Google Chrome 18.0.1025.168  
 Google Chrome wtsapi32.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michel (administrator) on MICHEL-PC on 04-04-2014 10:43:52
Running from C:\Users\Michel\Desktop\help
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() C:\Windows\system32\aspnet`counters.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation)
HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default
FF DefaultSearchEngine: dict.cc
FF SelectedSearchEngine: dict.cc
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\dictcc.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28]
FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28]
FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28]
FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{9942E1EE-D102-4E37-812F-1AF320DCE933}] - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi [2014-04-02]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29]
CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20]
CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] ()
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation)
S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation)
S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation)
S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation)
S4 NITaggerService; D:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation)
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd)
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation)
S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 15:30 - 2014-04-03 15:30 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-03 11:56 - 2014-04-03 11:56 - 00987442 _____ () C:\Users\Michel\Desktop\SecurityCheck.exe
2014-04-03 11:55 - 2014-04-03 11:56 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_enu.exe
2014-04-02 23:15 - 2014-04-02 23:15 - 00000000 ____H () C:\Users\Michel\Documents\Default.rdp
2014-04-02 22:18 - 2014-04-02 22:44 - 00000000 ____D () C:\Users\Michel\Desktop\blub
2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 16:17 - 2014-04-02 16:19 - 00000000 ____D () C:\AdwCleaner
2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log
2014-03-31 19:37 - 2014-04-04 10:43 - 00000000 ____D () C:\FRST
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:36 - 2014-04-04 10:43 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 21:44 - 2014-04-02 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-26 18:33 - 2014-04-02 15:40 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 12:19 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt

==================== One Month Modified Files and Folders =======

2014-04-04 10:43 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST
2014-04-04 10:43 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-04-04 09:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 04:58 - 2011-12-31 02:00 - 01441429 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 21:54 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 21:54 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 21:54 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 15:37 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 15:37 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 15:30 - 2014-04-03 15:30 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-03 15:30 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 15:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 15:30 - 2009-07-14 06:51 - 00169445 _____ () C:\Windows\setupact.log
2014-04-03 11:56 - 2014-04-03 11:56 - 00987442 _____ () C:\Users\Michel\Desktop\SecurityCheck.exe
2014-04-03 11:56 - 2014-04-03 11:55 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_enu.exe
2014-04-02 23:15 - 2014-04-02 23:15 - 00000000 ____H () C:\Users\Michel\Documents\Default.rdp
2014-04-02 23:14 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge
2014-04-02 23:14 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni
2014-04-02 22:44 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Michel\Desktop\blub
2014-04-02 22:21 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET
2014-04-02 20:50 - 2013-04-23 18:20 - 00005266 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui
2014-04-02 18:58 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-04-02 16:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder
2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 16:19 - 2014-04-02 16:17 - 00000000 ____D () C:\AdwCleaner
2014-04-02 15:44 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 15:40 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-04-02 15:40 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log
2014-04-01 20:16 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-04-01 15:42 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox
2014-03-31 19:59 - 2014-02-11 13:23 - 00001165 _____ () C:\Users\Michel\Desktop\Neues Textdokument.txt
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () C:\Users\Michel
2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium
2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel
2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte
2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 17:00 - 2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s
2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr
2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc
2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn
2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:05 - 2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder
2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc
2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt
2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe
C:\Users\Michel\AppData\Local\Temp\Quarantine.exe
C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe
C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 11:27

==================== End Of Log ============================
         
--- --- ---


Alt 05.04.2014, 10:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Nee passt schon. Adobe updaten.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
--> Probleme mit Firefox Add-On "Download Protect 2.2.0"

Alt 05.04.2014, 14:24   #7
Michel D.
 
Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Hey, super 1000 Dank. Das Ding ist jetzt endgültig verschwunden Vielen Dank für deine Mühe und die Tips!

Hier noch das Log:


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Michel at 2014-04-05 15:01:22 Run:2
Running from C:\Users\Michel\Desktop\help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

Alt 06.04.2014, 12:16   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Probleme mit Firefox Add-On "Download Protect 2.2.0" - Standard

Probleme mit Firefox Add-On "Download Protect 2.2.0"



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Probleme mit Firefox Add-On "Download Protect 2.2.0"
antivir, antivirus, avira, browser, converter, defender, desktop, download protect, dvdvideosoft ltd., error, excel, firefox, firefox 28.0, flash player, helper, homepage, mozilla, national, ntdll.dll, officejet, problem, programm, protect 2.2.0, prozess, realtek, registry, scan, security, services.exe, software, svchost.exe, wlan, wrapper



Ähnliche Themen: Probleme mit Firefox Add-On "Download Protect 2.2.0"


  1. "Download Protect 2.2.12" in Chrome unter Windows 10
    Log-Analyse und Auswertung - 28.09.2015 (9)
  2. Ist ein Download von "http://au.v4.download.windowsupdate.com..." sicher? Avast meldet eine Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (1)
  3. Add-On "Download Protect 2.2.6" in Firefox entfernen / Windows 8.1 Pro N 64-Bit
    Plagegeister aller Art und deren Bekämpfung - 03.06.2015 (12)
  4. WIN 8: PC installiert automatisch neue Programme/Apps: z.B. "Game Hug Acarde" oder "Any Protect"
    Log-Analyse und Auswertung - 19.02.2015 (10)
  5. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  6. Win7: Firefox: Startseite "mystartsearch.com" unentfernbar, Windows-manger-protect setup, Browservirus?
    Plagegeister aller Art und deren Bekämpfung - 01.12.2014 (20)
  7. Rechner stark "verpestet". Nach Erstbehandlung noch Download Protect in Chrome drauf
    Log-Analyse und Auswertung - 18.11.2014 (9)
  8. Chrome Erweiterung "Download Protect 2.2.5" lässt sich nicht entfernen
    Log-Analyse und Auswertung - 03.09.2014 (14)
  9. Download Protect 2.2.4 Firefox
    Log-Analyse und Auswertung - 21.07.2014 (13)
  10. Windows 8: Add-on "Download protect 2.2.1." lässt sich nicht entfernen
    Log-Analyse und Auswertung - 07.07.2014 (22)
  11. Win7 FF Add on "download protect 2.2.0" lässt sich nicht entfernen
    Log-Analyse und Auswertung - 18.04.2014 (5)
  12. Erweiterung "Download Protect 2.2.0" im Firefox läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (7)
  13. Firefox...Nach Download ständig Popp-Up mit Werbung und "Warnung vor einem Virus,Update des Players"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2014 (27)
  14. Windows 8: potentieller Virus/Trojaner nach Download von "Free m4a to mp3 converter" von chip.de - Einblendungen in Firefox und am Desktop
    Log-Analyse und Auswertung - 30.10.2013 (9)
  15. "AppsHat", "DeltaToolbar" und div. andere Software nach Download von mcpatcher
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (23)
  16. Browser/Werbe popup, "AppsHat", MBAM Funde, nach "Schrift-Download"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (31)
  17. "Lexmark" sperrt Zugriff auf Webseiten über Firefox /OTL Download und Ausführung nach Anweisung
    Log-Analyse und Auswertung - 12.03.2012 (5)

Zum Thema Probleme mit Firefox Add-On "Download Protect 2.2.0" - Hallo und vielen Dank schon einmal! Ich habe seit ein paar Wochen ein Problem mit Firefox, beziehungsweise dem "Add-on" "Download Protect 2.2.0". Ich habe keine Ahnung wo ich es mir - Probleme mit Firefox Add-On "Download Protect 2.2.0"...
Archiv
Du betrachtest: Probleme mit Firefox Add-On "Download Protect 2.2.0" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.