
Log analysis and evaluation: Windows 7: Norton detects ntdllinst.exe and ntcrxinst.exe at almost every Windows start


03.09.2014, 09:44   #1
Thomas08
 



Hello,

Since August I have had the problem that my Norton 360 finds and blocks ntdllinst.exe and ntcrxinst.exe at almost every Windows start. However, I cannot remove them, or rather, the next time they are back again.

What can I do here?
Many thanks in advance for the help!

Thomas


Norton log file:

Code:
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
03.09.2014 09:38:47,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 17:56:07,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 17:56:07,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 17:56:07,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 17:49:16,Hoch,frst.exe (Suspicious.Cloud.7.EP) erkannt von Download-Insight,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\frst.exe
02.09.2014 13:06:11,Hoch,frst1.exe (frst1.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\frst1.exe
02.09.2014 13:04:02,Hoch,frst2.exe (Suspicious.Cloud.7.EP) erkannt von Download-Insight,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\frst2.exe
02.09.2014 13:00:48,Hoch,frst.exe (Suspicious.Cloud.7.EP) erkannt von Download-Insight,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\frst.exe
02.09.2014 13:00:00,Hoch,frst.exe (Suspicious.Cloud.7.EP) erkannt von Download-Insight,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\frst.exe
02.09.2014 09:40:31,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 09:40:31,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
02.09.2014 09:40:31,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
01.09.2014 09:52:37,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
31.08.2014 21:06:59,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
31.08.2014 21:06:59,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
31.08.2014 21:06:59,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
30.08.2014 21:11:58,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 19:43:34,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 17:44:19,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 17:44:19,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 17:44:19,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 09:07:27,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
29.08.2014 09:07:27,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 19:59:18,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 19:59:18,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 19:59:18,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 17:02:30,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 17:02:30,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 17:02:30,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
28.08.2014 11:30:56,Hoch,start.exe (Trojan.Gen.2) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\program files\aquasoft\diashow xp5\data\start.exe
28.08.2014 09:47:52,Mittel,SecurityRisk.OrphanInf erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,
28.08.2014 09:14:02,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
27.08.2014 19:53:27,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
27.08.2014 19:53:27,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
26.08.2014 23:06:35,Hoch,upd_i.exe (upd_i.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\local\temp\nsq7fab.tmp\upd_i.exe
26.08.2014 22:54:57,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
26.08.2014 09:13:46,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
26.08.2014 09:13:46,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.08.2014 14:37:48,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.08.2014 14:37:48,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.08.2014 14:37:45,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.08.2014 09:55:23,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.08.2014 09:55:22,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 14:39:13,Hoch,upd_i.exe (upd_i.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\local\temp\nsgf98b.tmp\upd_i.exe
24.08.2014 14:27:38,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 11:32:34,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 11:32:34,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 11:32:34,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 10:57:10,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 10:57:10,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 10:57:10,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 07:14:21,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 07:14:20,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
24.08.2014 07:14:17,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
23.08.2014 18:22:59,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
23.08.2014 18:22:59,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
23.08.2014 09:48:06,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
23.08.2014 09:48:06,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
23.08.2014 09:48:06,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
22.08.2014 19:42:49,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
21.08.2014 22:31:47,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
20.08.2014 22:03:13,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
20.08.2014 18:03:27,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
20.08.2014 18:03:27,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
20.08.2014 18:03:27,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
15.08.2014 08:05:18,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
15.08.2014 08:05:18,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
15.08.2014 03:09:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.08.2014 19:25:29,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
14.08.2014 11:41:11,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
14.08.2014 10:21:42,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
14.08.2014 10:21:42,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
14.08.2014 10:21:41,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
13.08.2014 17:50:29,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
13.08.2014 17:50:29,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
12.08.2014 16:09:03,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
12.08.2014 16:09:03,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
11.08.2014 16:41:16,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 19:54:23,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 19:54:23,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 19:54:23,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 09:09:03,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 09:09:03,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
10.08.2014 09:09:03,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
09.08.2014 10:13:01,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
08.08.2014 17:26:42,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Virenscanner und Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\scheck\ntdllinst.exe
08.08.2014 13:08:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.08.2014 12:52:05,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
08.08.2014 12:52:05,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
08.08.2014 12:52:05,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 19:58:14,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 19:58:14,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 19:58:14,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 17:04:58,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 17:04:58,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 17:04:58,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
07.08.2014 10:40:59,Gering,ntdllinst.exe (SecurityRisk.BL) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
06.08.2014 10:21:34,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
05.08.2014 22:52:00,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
05.08.2014 22:52:00,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
05.08.2014 10:17:22,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
04.08.2014 23:34:55,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
04.08.2014 23:34:49,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
04.08.2014 23:34:49,Hoch,ntxpiinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
04.08.2014 23:34:46,Hoch,ntcrxinst.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
         
Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:39 on 02/09/2014 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-02 17:45:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\pgtiipow.sys


---- System - GMER 2.1 ----

SSDT            8972EC98                                                                                                                                 ZwAlertResumeThread
SSDT            8972ED30                                                                                                                                 ZwAlertThread
SSDT            8972A400                                                                                                                                 ZwAllocateVirtualMemory
SSDT            868F7980                                                                                                                                 ZwAlpcConnectPort
SSDT            8972D268                                                                                                                                 ZwAssignProcessToJobObject
SSDT            8972D5F8                                                                                                                                 ZwCreateMutant
SSDT            89731578                                                                                                                                 ZwCreateSymbolicLinkObject
SSDT            8972F648                                                                                                                                 ZwCreateThread
SSDT            8972D108                                                                                                                                 ZwCreateThreadEx
SSDT            8972D300                                                                                                                                 ZwDebugActiveProcess
SSDT            8972F4B0                                                                                                                                 ZwDuplicateObject
SSDT            8972A290                                                                                                                                 ZwFreeVirtualMemory
SSDT            8972EB68                                                                                                                                 ZwImpersonateAnonymousToken
SSDT            8972EC00                                                                                                                                 ZwImpersonateThread
SSDT            88A70A58                                                                                                                                 ZwLoadDriver
SSDT            8972A1D8                                                                                                                                 ZwMapViewOfSection
SSDT            8972D580                                                                                                                                 ZwOpenEvent
SSDT            8972F5C0                                                                                                                                 ZwOpenProcess
SSDT            8972A488                                                                                                                                 ZwOpenProcessToken
SSDT            8972D450                                                                                                                                 ZwOpenSection
SSDT            8972F538                                                                                                                                 ZwOpenThread
SSDT            8972D1C0                                                                                                                                 ZwProtectVirtualMemory
SSDT            897314D0                                                                                                                                 ZwQueueApcThread
SSDT            89731428                                                                                                                                 ZwQueueApcThreadEx
SSDT            8972EDC8                                                                                                                                 ZwResumeThread
SSDT            8972EF90                                                                                                                                 ZwSetContextThread
SSDT            8972A098                                                                                                                                 ZwSetInformationProcess
SSDT            8972D398                                                                                                                                 ZwSetSystemInformation
SSDT            8972D4E8                                                                                                                                 ZwSuspendProcess
SSDT            8972EE60                                                                                                                                 ZwSuspendThread
SSDT            8972E0D0                                                                                                                                 ZwTerminateProcess
SSDT            8972EEF8                                                                                                                                 ZwTerminateThread
SSDT            8972A140                                                                                                                                 ZwUnmapViewOfSection
SSDT            8972A338                                                                                                                                 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                 83C79A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                   83CB3212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                                                                      83CBA470 8 Bytes  [98, EC, 72, 89, 30, ED, 72, ...] {CWDE ; IN AL, DX; JB 0xffffff8d; XOR CH, CH; JB 0xffffff91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                      83CBA488 4 Bytes  [00, A4, 72, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                                      83CBA494 4 Bytes  [80, 79, 8F, 86] {CMP BYTE [ECX-0x71], 0x86}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                      83CBA4E8 4 Bytes  [68, D2, 72, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                                      83CBA564 4 Bytes  [F8, D5, 72, 89]
.text           ...                                                                                                                                      
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                                                 entry point in ".vmp2" section [0xA422769D]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[384] ntdll.dll!NtTerminateProcess                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[384] ntdll.dll!NtTerminateProcess + 4                                           77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[384] kernel32.dll!LoadLibraryExW                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[384] kernel32.dll!Process32Next                                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[404] ntdll.dll!NtTerminateProcess                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[404] ntdll.dll!NtTerminateProcess + 4                           77CC690C 2 Bytes  [11, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[404] kernel32.dll!LoadLibraryExW                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[404] kernel32.dll!Process32Next                                 76CB636D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\wininit.exe[496] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\wininit.exe[496] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Hotspot Shield\bin\hsswd.exe[532] ntdll.dll!NtTerminateProcess                                                          77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Hotspot Shield\bin\hsswd.exe[532] ntdll.dll!NtTerminateProcess + 4                                                      77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\Hotspot Shield\bin\hsswd.exe[532] kernel32.dll!LoadLibraryExW                                                           76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Hotspot Shield\bin\hsswd.exe[532] kernel32.dll!Process32Next                                                            76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Hotspot Shield\bin\hsswd.exe[532] PSAPI.DLL!EnumProcesses                                                               77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\system32\services.exe[556] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\services.exe[556] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\services.exe[556] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\services.exe[556] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\winlogon.exe[580] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\winlogon.exe[580] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\winlogon.exe[580] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\winlogon.exe[580] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!NtTerminateProcess                                                                          77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!NtTerminateProcess + 4                                                                      77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\lsass.exe[592] kernel32.dll!LoadLibraryExW                                                                           76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\lsass.exe[592] kernel32.dll!Process32Next                                                                            76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!NtTerminateProcess                                                                            77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!NtTerminateProcess + 4                                                                        77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\lsm.exe[600] kernel32.dll!LoadLibraryExW                                                                             76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\lsm.exe[600] kernel32.dll!Process32Next                                                                              76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[680] ntdll.dll!NtTerminateProcess                                                 77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[680] ntdll.dll!NtTerminateProcess + 4                                             77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[680] kernel32.dll!LoadLibraryExW                                                  76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[680] kernel32.dll!Process32Next                                                   76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[736] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[736] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[736] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[808] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[808] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[808] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[808] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\svchost.exe[892] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\svchost.exe[892] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\svchost.exe[892] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\svchost.exe[892] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe[944] ntdll.dll!NtTerminateProcess                                   77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe[944] ntdll.dll!NtTerminateProcess + 4                               77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe[944] kernel32.dll!LoadLibraryExW                                    76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe[944] kernel32.dll!Process32Next                                     76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\svchost.exe[956] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\svchost.exe[956] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[964] ntdll.dll!NtTerminateProcess                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[964] ntdll.dll!NtTerminateProcess + 4                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[964] kernel32.dll!LoadLibraryExW                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[964] kernel32.dll!Process32Next                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[988] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [23, 5F]
.text           C:\Windows\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[1012] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F1F0F5A 
.text           C:\Windows\system32\svchost.exe[1012] psapi.dll!EnumProcesses                                                                            77DC1544 6 Bytes  JMP 5F250F5A 
.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe[1080] ntdll.dll!NtTerminateProcess      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe[1080] ntdll.dll!NtTerminateProcess + 4  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe[1080] kernel32.dll!LoadLibraryExW       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe[1080] kernel32.dll!Process32Next        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe[1116] ntdll.dll!NtTerminateProcess                                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe[1116] ntdll.dll!NtTerminateProcess + 4                                     77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe[1116] kernel32.dll!LoadLibraryExW                                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe[1116] kernel32.dll!Process32Next                                           76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe[1116] PSAPI.DLL!EnumProcesses                                              77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1152] ntdll.dll!NtTerminateProcess                                                77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1152] ntdll.dll!NtTerminateProcess + 4                                            77CC690C 2 Bytes  [11, 5F]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1152] kernel32.dll!LoadLibraryExW                                                 76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1152] kernel32.dll!Process32Next                                                  76CB636D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[1220] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[1220] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe[1348] ntdll.dll!NtTerminateProcess                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe[1348] ntdll.dll!NtTerminateProcess + 4                     77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe[1348] kernel32.dll!LoadLibraryExW                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe[1348] kernel32.dll!Process32Next                           76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[1380] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[1380] psapi.dll!EnumProcesses                                                                            77DC1544 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1484] ntdll.dll!NtTerminateProcess                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1484] ntdll.dll!NtTerminateProcess + 4                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1484] kernel32.dll!LoadLibraryExW                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1484] kernel32.dll!Process32Next                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\WLANExt.exe[1492] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\WLANExt.exe[1492] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\WLANExt.exe[1492] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\WLANExt.exe[1492] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DellTPad\HidFind.exe[1524] ntdll.dll!NtTerminateProcess                                                                 77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DellTPad\HidFind.exe[1524] ntdll.dll!NtTerminateProcess + 4                                                             77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\DellTPad\HidFind.exe[1524] kernel32.dll!LoadLibraryExW                                                                  76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DellTPad\HidFind.exe[1524] kernel32.dll!Process32Next                                                                   76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1544] ntdll.dll!NtTerminateProcess                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1544] ntdll.dll!NtTerminateProcess + 4                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1544] KERNEL32.dll!LoadLibraryExW                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1544] KERNEL32.dll!Process32Next                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\spoolsv.exe[1656] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\spoolsv.exe[1656] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Windows\System32\spoolsv.exe[1656] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\spoolsv.exe[1656] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\spoolsv.exe[1656] PSAPI.DLL!EnumProcesses                                                                            77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1708] ntdll.dll!NtTerminateProcess      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1708] ntdll.dll!NtTerminateProcess + 4  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1708] kernel32.dll!LoadLibraryExW       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1708] kernel32.dll!Process32Next        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1752] ntdll.dll!NtTerminateProcess      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1752] ntdll.dll!NtTerminateProcess + 4  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1752] kernel32.dll!LoadLibraryExW       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1752] kernel32.dll!Process32Next        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1764] ntdll.dll!NtTerminateProcess                                                            77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1764] ntdll.dll!NtTerminateProcess + 4                                                        77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1764] kernel32.dll!LoadLibraryExW                                                             76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1764] kernel32.dll!Process32Next                                                              76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[1788] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[1840] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[1840] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[1840] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[1840] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1860] ntdll.dll!NtTerminateProcess                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1860] ntdll.dll!NtTerminateProcess + 4                                           77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1860] kernel32.dll!LoadLibraryExW                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1860] kernel32.dll!Process32Next                                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2072] ntdll.dll!NtTerminateProcess                                                   77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2072] ntdll.dll!NtTerminateProcess + 4                                               77CC690C 2 Bytes  [11, 5F]
.text           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2072] kernel32.dll!LoadLibraryExW                                                    76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2072] kernel32.dll!Process32Next                                                     76CB636D 6 Bytes  JMP 5F0D0F5A 
.text           c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[2116] ntdll.dll!NtTerminateProcess                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[2116] ntdll.dll!NtTerminateProcess + 4                           77CC690C 2 Bytes  [0B, 5F]
.text           c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[2116] kernel32.dll!LoadLibraryExW                                76C95189 6 Bytes  JMP 5F040F5A 
.text           c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[2116] kernel32.dll!Process32Next                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe[2148] ntdll.dll!NtTerminateProcess                                            77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe[2148] ntdll.dll!NtTerminateProcess + 4                                        77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe[2148] kernel32.dll!LoadLibraryExW                                             76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe[2148] kernel32.dll!Process32Next                                              76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\fxssvc.exe[2200] ntdll.dll!NtTerminateProcess                                                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\fxssvc.exe[2200] ntdll.dll!NtTerminateProcess + 4                                                                    77CC690C 2 Bytes  [1D, 5F]
.text           C:\Windows\system32\fxssvc.exe[2200] kernel32.dll!LoadLibraryExW                                                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\fxssvc.exe[2200] kernel32.dll!Process32Next                                                                          76CB636D 6 Bytes  JMP 5F190F5A 
.text           C:\Program Files\Nero\Update\NASvc.exe[2244] ntdll.dll!NtTerminateProcess                                                                77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Nero\Update\NASvc.exe[2244] ntdll.dll!NtTerminateProcess + 4                                                            77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Nero\Update\NASvc.exe[2244] kernel32.dll!LoadLibraryExW                                                                 76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Nero\Update\NASvc.exe[2244] kernel32.dll!Process32Next                                                                  76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\taskhost.exe[2308] ntdll.dll!NtTerminateProcess                                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskhost.exe[2308] ntdll.dll!NtTerminateProcess + 4                                                                  77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Windows\system32\taskhost.exe[2308] kernel32.dll!LoadLibraryExW                                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\taskhost.exe[2308] kernel32.dll!Process32Next                                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\taskhost.exe[2308] psapi.dll!EnumProcesses                                                                           77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2344] ntdll.dll!NtTerminateProcess                                                     77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2344] ntdll.dll!NtTerminateProcess + 4                                                 77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2344] kernel32.dll!LoadLibraryExW                                                      76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2344] kernel32.dll!Process32Next                                                       76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2344] PSAPI.DLL!EnumProcesses                                                          77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\system32\Dwm.exe[2416] ntdll.dll!NtTerminateProcess                                                                           77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2416] ntdll.dll!NtTerminateProcess + 4                                                                       77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\Dwm.exe[2416] kernel32.dll!LoadLibraryExW                                                                            76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\Dwm.exe[2416] kernel32.dll!Process32Next                                                                             76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\Dwm.exe[2416] PSAPI.DLL!EnumProcesses                                                                                77DC1544 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\system32\wbem\unsecapp.exe[2520] ntdll.dll!NtTerminateProcess                                                                 77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\wbem\unsecapp.exe[2520] ntdll.dll!NtTerminateProcess + 4                                                             77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\wbem\unsecapp.exe[2520] kernel32.dll!LoadLibraryExW                                                                  76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\wbem\unsecapp.exe[2520] kernel32.dll!Process32Next                                                                   76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\Explorer.EXE[2664] ntdll.dll!NtTerminateProcess                                                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2664] ntdll.dll!NtTerminateProcess + 4                                                                           77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Windows\Explorer.EXE[2664] kernel32.dll!LoadLibraryExW                                                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\Explorer.EXE[2664] kernel32.dll!Process32Next                                                                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\Explorer.EXE[2664] SHELL32.dll!SHFileOperationW                                                                               76059708 5 Bytes  JMP 03321102 C:\Program Files\Unlocker\UnlockerHook.dll
.text           C:\Windows\Explorer.EXE[2664] PSAPI.DLL!EnumProcesses                                                                                    77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2704] ntdll.dll!NtTerminateProcess                                                     77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2704] ntdll.dll!NtTerminateProcess + 4                                                 77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2704] kernel32.dll!LoadLibraryExW                                                      76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2704] kernel32.dll!Process32Next                                                       76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\taskeng.exe[2728] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2728] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\taskeng.exe[2728] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\taskeng.exe[2728] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe[2764] ntdll.dll!NtTerminateProcess                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe[2764] ntdll.dll!NtTerminateProcess + 4                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe[2764] KERNEL32.dll!LoadLibraryExW                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe[2764] KERNEL32.dll!Process32Next                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2840] ntdll.dll!NtTerminateProcess                                        77CC6908 3 Bytes  [FF, 25, 1E]
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2840] ntdll.dll!NtTerminateProcess + 4                                    77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2840] kernel32.dll!LoadLibraryExW                                         76C95189 6 Bytes  JMP 5F040F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2840] kernel32.dll!Process32Next                                          76CB636D 6 Bytes  JMP 5F070F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2840] PSAPI.DLL!EnumProcesses                                             77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2848] ntdll.dll!NtTerminateProcess                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2848] ntdll.dll!NtTerminateProcess + 4                                   77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2848] kernel32.dll!LoadLibraryExW                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2848] kernel32.dll!Process32Next                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2848] PSAPI.DLL!EnumProcesses                                            77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\PDF Architect\ConversionService.exe[2900] ntdll.dll!NtTerminateProcess                                                  77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\PDF Architect\ConversionService.exe[2900] ntdll.dll!NtTerminateProcess + 4                                              77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\PDF Architect\ConversionService.exe[2900] kernel32.dll!LoadLibraryExW                                                   76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\PDF Architect\ConversionService.exe[2900] kernel32.dll!Process32Next                                                    76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\IDT\WDM\sttray.exe[3060] ntdll.dll!NtTerminateProcess                                                                   77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\IDT\WDM\sttray.exe[3060] ntdll.dll!NtTerminateProcess + 4                                                               77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\IDT\WDM\sttray.exe[3060] kernel32.dll!LoadLibraryExW                                                                    76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\IDT\WDM\sttray.exe[3060] kernel32.dll!Process32Next                                                                     76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\hkcmd.exe[3084] ntdll.dll!NtTerminateProcess                                                                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\hkcmd.exe[3084] ntdll.dll!NtTerminateProcess + 4                                                                     77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\hkcmd.exe[3084] kernel32.dll!LoadLibraryExW                                                                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\hkcmd.exe[3084] kernel32.dll!Process32Next                                                                           76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\igfxsrvc.exe[3124] ntdll.dll!NtTerminateProcess                                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\igfxsrvc.exe[3124] ntdll.dll!NtTerminateProcess + 4                                                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\igfxsrvc.exe[3124] kernel32.dll!LoadLibraryExW                                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\igfxsrvc.exe[3124] kernel32.dll!Process32Next                                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\igfxpers.exe[3164] ntdll.dll!NtTerminateProcess                                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\igfxpers.exe[3164] ntdll.dll!NtTerminateProcess + 4                                                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\igfxpers.exe[3164] kernel32.dll!LoadLibraryExW                                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\igfxpers.exe[3164] kernel32.dll!Process32Next                                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3260] ntdll.dll!NtTerminateProcess                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3260] ntdll.dll!NtTerminateProcess + 4                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3260] kernel32.dll!LoadLibraryExW                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3260] kernel32.dll!Process32Next                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe[3268] ntdll.dll!NtTerminateProcess                                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe[3268] ntdll.dll!NtTerminateProcess + 4                                     77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe[3268] KERNEL32.dll!LoadLibraryExW                                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe[3268] KERNEL32.dll!Process32Next                                           76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe[3268] PSAPI.DLL!EnumProcesses                                              77DC1544 6 Bytes  JMP 5F130F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe[3300] ntdll.dll!NtTerminateProcess            77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe[3300] ntdll.dll!NtTerminateProcess + 4        77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe[3300] KERNEL32.dll!LoadLibraryExW             76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe[3300] KERNEL32.dll!Process32Next              76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[3332] ntdll.dll!NtTerminateProcess                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[3332] ntdll.dll!NtTerminateProcess + 4                           77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[3332] KERNEL32.dll!LoadLibraryExW                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[3332] KERNEL32.dll!Process32Next                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[3332] PSAPI.DLL!EnumProcesses                                    77DC1544 6 Bytes  JMP 5F130F5A 
.text           C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3364] ntdll.dll!NtTerminateProcess                                                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3364] ntdll.dll!NtTerminateProcess + 4                                                     77CC690C 2 Bytes  [11, 5F]
.text           C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3364] KERNEL32.dll!LoadLibraryExW                                                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3364] KERNEL32.dll!Process32Next                                                           76CB636D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\WindowsMobile\wmdc.exe[3372] ntdll.dll!NtTerminateProcess                                                                     77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\WindowsMobile\wmdc.exe[3372] ntdll.dll!NtTerminateProcess + 4                                                                 77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Windows\WindowsMobile\wmdc.exe[3372] kernel32.dll!LoadLibraryExW                                                                      76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\WindowsMobile\wmdc.exe[3372] kernel32.dll!Process32Next                                                                       76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\WindowsMobile\wmdc.exe[3372] PSAPI.DLL!EnumProcesses                                                                          77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\DellTPad\Apoint.exe[3388] ntdll.dll!NtTerminateProcess                                                                  77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DellTPad\Apoint.exe[3388] ntdll.dll!NtTerminateProcess + 4                                                              77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\DellTPad\Apoint.exe[3388] kernel32.dll!LoadLibraryExW                                                                   76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DellTPad\Apoint.exe[3388] kernel32.dll!Process32Next                                                                    76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DellTPad\Apoint.exe[3388] PSAPI.DLL!EnumProcesses                                                                       77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\PDF Architect\HelperService.exe[3480] ntdll.dll!NtTerminateProcess                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\PDF Architect\HelperService.exe[3480] ntdll.dll!NtTerminateProcess + 4                                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\PDF Architect\HelperService.exe[3480] kernel32.dll!LoadLibraryExW                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\PDF Architect\HelperService.exe[3480] kernel32.dll!Process32Next                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3496] ntdll.dll!NtTerminateProcess                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3496] ntdll.dll!NtTerminateProcess + 4                                           77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3496] kernel32.dll!LoadLibraryExW                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3496] kernel32.dll!Process32Next                                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3496] PSAPI.DLL!EnumProcesses                                                    77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\PDF24\pdf24.exe[3504] ntdll.dll!NtTerminateProcess                                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\PDF24\pdf24.exe[3504] ntdll.dll!NtTerminateProcess + 4                                                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\PDF24\pdf24.exe[3504] kernel32.dll!LoadLibraryExW                                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\PDF24\pdf24.exe[3504] kernel32.dll!Process32Next                                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DSL-Manager\DslMgr.exe[3572] ntdll.dll!NtTerminateProcess                                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DSL-Manager\DslMgr.exe[3572] ntdll.dll!NtTerminateProcess + 4                                                           77CC690C 2 Bytes  [11, 5F]
.text           C:\Program Files\DSL-Manager\DslMgr.exe[3572] kernel32.dll!LoadLibraryExW                                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DSL-Manager\DslMgr.exe[3572] kernel32.dll!Process32Next                                                                 76CB636D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\DSL-Manager\DslMgr.exe[3572] PSAPI.DLL!EnumProcesses                                                                    77DC1544 6 Bytes  JMP 5F130F5A 
.text           C:\Windows\system32\igfxext.exe[3652] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\igfxext.exe[3652] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\igfxext.exe[3652] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\igfxext.exe[3652] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\V0770Mon.exe[3696] ntdll.dll!NtTerminateProcess                                                                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\V0770Mon.exe[3696] ntdll.dll!NtTerminateProcess + 4                                                                           77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\V0770Mon.exe[3696] kernel32.dll!LoadLibraryExW                                                                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\V0770Mon.exe[3696] kernel32.dll!Process32Next                                                                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[3828] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[3828] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe[3844] ntdll.dll!NtTerminateProcess                                 77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe[3844] ntdll.dll!NtTerminateProcess + 4                             77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe[3844] kernel32.dll!LoadLibraryExW                                  76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe[3844] kernel32.dll!Process32Next                                   76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[3984] ntdll.dll!NtTerminateProcess                                              77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[3984] ntdll.dll!NtTerminateProcess + 4                                          77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[3984] kernel32.dll!LoadLibraryExW                                               76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[3984] kernel32.dll!Process32Next                                                76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[3984] PSAPI.DLL!EnumProcesses                                                   77DC1544 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4276] ntdll.dll!NtTerminateProcess                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4276] ntdll.dll!NtTerminateProcess + 4                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4276] kernel32.dll!LoadLibraryExW                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[4276] kernel32.dll!Process32Next                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[4280] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[4280] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[4280] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[4280] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\tcpsvcs.exe[4332] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\System32\tcpsvcs.exe[4332] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\System32\tcpsvcs.exe[4332] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\tcpsvcs.exe[4332] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[4412] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[4412] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[4412] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[4412] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[4472] ntdll.dll!NtTerminateProcess                               77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[4472] ntdll.dll!NtTerminateProcess + 4                           77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[4472] kernel32.dll!LoadLibraryExW                                76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[4472] kernel32.dll!Process32Next                                 76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[4504] ntdll.dll!NtTerminateProcess                                           77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[4504] ntdll.dll!NtTerminateProcess + 4                                       77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[4504] kernel32.dll!LoadLibraryExW                                            76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[4504] kernel32.dll!Process32Next                                             76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe[4504] Psapi.dll!EnumProcesses                                                77DC1544 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe[4876] ntdll.dll!NtTerminateProcess                         77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe[4876] ntdll.dll!NtTerminateProcess + 4                     77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe[4876] KERNEL32.dll!LoadLibraryExW                          76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe[4876] KERNEL32.dll!Process32Next                           76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DellTPad\ApMsgFwd.exe[5008] ntdll.dll!NtTerminateProcess                                                                77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DellTPad\ApMsgFwd.exe[5008] ntdll.dll!NtTerminateProcess + 4                                                            77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\DellTPad\ApMsgFwd.exe[5008] kernel32.dll!LoadLibraryExW                                                                 76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DellTPad\ApMsgFwd.exe[5008] kernel32.dll!Process32Next                                                                  76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] ntdll.dll!NtTerminateProcess                                                    77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] ntdll.dll!NtTerminateProcess + 4                                                77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] kernel32.dll!LoadLibraryExW                                                     76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] kernel32.dll!Process32Next                                                      76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DellTPad\Apntex.exe[5120] ntdll.dll!NtTerminateProcess                                                                  77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DellTPad\Apntex.exe[5120] ntdll.dll!NtTerminateProcess + 4                                                              77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\DellTPad\Apntex.exe[5120] kernel32.dll!LoadLibraryExW                                                                   76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DellTPad\Apntex.exe[5120] kernel32.dll!Process32Next                                                                    76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[5132] ntdll.dll!NtTerminateProcess                           77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[5132] ntdll.dll!NtTerminateProcess + 4                       77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[5132] kernel32.dll!LoadLibraryExW                            76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[5132] kernel32.dll!Process32Next                             76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DSL-Manager\DslMgrSvc.exe[5368] ntdll.dll!NtTerminateProcess                                                            77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\DSL-Manager\DslMgrSvc.exe[5368] ntdll.dll!NtTerminateProcess + 4                                                        77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Program Files\DSL-Manager\DslMgrSvc.exe[5368] kernel32.dll!LoadLibraryExW                                                             76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\DSL-Manager\DslMgrSvc.exe[5368] kernel32.dll!Process32Next                                                              76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\DSL-Manager\DslMgrSvc.exe[5368] PSAPI.DLL!EnumProcesses                                                                 77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Software Informer\softinfo.exe[5416] ntdll.dll!NtTerminateProcess                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Software Informer\softinfo.exe[5416] ntdll.dll!NtTerminateProcess + 4                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Software Informer\softinfo.exe[5416] kernel32.dll!LoadLibraryExW                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Software Informer\softinfo.exe[5416] kernel32.dll!Process32Next                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\SearchIndexer.exe[5436] ntdll.dll!NtTerminateProcess                                                                 77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\SearchIndexer.exe[5436] ntdll.dll!NtTerminateProcess + 4                                                             77CC690C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           C:\Windows\system32\SearchIndexer.exe[5436] kernel32.dll!LoadLibraryExW                                                                  76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\SearchIndexer.exe[5436] kernel32.dll!Process32Next                                                                   76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\SearchIndexer.exe[5436] psapi.dll!EnumProcesses                                                                      77DC1544 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\system32\lxbkcoms.exe[5652] ntdll.dll!NtTerminateProcess                                                                      77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\lxbkcoms.exe[5652] ntdll.dll!NtTerminateProcess + 4                                                                  77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\lxbkcoms.exe[5652] kernel32.dll!LoadLibraryExW                                                                       76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\lxbkcoms.exe[5652] kernel32.dll!Process32Next                                                                        76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[5868] ntdll.dll!NtTerminateProcess                                              77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[5868] ntdll.dll!NtTerminateProcess + 4                                          77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[5868] kernel32.dll!LoadLibraryExW                                               76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[5868] kernel32.dll!Process32Next                                                76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe[5868] PSAPI.DLL!EnumProcesses                                                   77DC1544 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Unlocker\UnlockerAssistant.exe[5916] ntdll.dll!NtTerminateProcess                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Unlocker\UnlockerAssistant.exe[5916] ntdll.dll!NtTerminateProcess + 4                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Unlocker\UnlockerAssistant.exe[5916] kernel32.dll!LoadLibraryExW                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Unlocker\UnlockerAssistant.exe[5916] kernel32.dll!Process32Next                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\svchost.exe[6016] ntdll.dll!NtTerminateProcess                                                                       77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\svchost.exe[6016] ntdll.dll!NtTerminateProcess + 4                                                                   77CC690C 2 Bytes  [0B, 5F]
.text           C:\Windows\system32\svchost.exe[6016] kernel32.dll!LoadLibraryExW                                                                        76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\svchost.exe[6016] kernel32.dll!Process32Next                                                                         76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[6172] ntdll.dll!NtTerminateProcess                                                          77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Sidebar\sidebar.exe[6172] ntdll.dll!NtTerminateProcess + 4                                                      77CC690C 2 Bytes  [0B, 5F]
.text           C:\Program Files\Windows Sidebar\sidebar.exe[6172] kernel32.dll!LoadLibraryExW                                                           76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[6172] kernel32.dll!Process32Next                                                            76CB636D 6 Bytes  JMP 5F070F5A 
.text           C:\Users\Thomas\Desktop\Gmer-19357.exe[6388] ntdll.dll!NtTerminateProcess                                                                77CC6908 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Thomas\Desktop\Gmer-19357.exe[6388] ntdll.dll!NtTerminateProcess + 4                                                            77CC690C 2 Bytes  [0B, 5F]
.text           C:\Users\Thomas\Desktop\Gmer-19357.exe[6388] kernel32.dll!LoadLibraryExW                                                                 76C95189 6 Bytes  JMP 5F040F5A 
.text           C:\Users\Thomas\Desktop\Gmer-19357.exe[6388] kernel32.dll!Process32Next                                                                  76CB636D 6 Bytes  JMP 5F070F5A 

---- Devices - GMER 2.1 ----

Device          \Driver\DFInjDrv \Device\DFInjDrv                                                                                                        DFInjDrv32.sys
Device          \Driver\NdisTapi \Device\NdisTapi                                                                                                        DFSYS.SYS

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                 fltmgr.sys

---- Processes - GMER 2.1 ----

Process         C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (*** hidden *** )                                                             3792                                                                                                                                                 

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5d4df96                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5d4df96@001de90be28e                                                 0xCB 0xD1 0x7D 0xC1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5d4df96@a0079825c20d                                                 0x02 0x14 0x54 0xDD ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5d4df96 (not active ControlSet)                                          
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5d4df96@001de90be28e                                                     0xCB 0xD1 0x7D 0xC1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5d4df96@a0079825c20d                                                     0x02 0x14 0x54 0xDD ...
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{FA2A5F5C-495C-11DF-9A54-806E6F6E6963}                   145976181088

---- EOF - GMER 2.1 ----
         

FRST is attached, since the post is unfortunately too long.

03.09.2014, 09:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi and

Please do not attach logs; if necessary, split them and post them spread across several postings.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

03.09.2014, 10:45   #3
Thomas08
 



I thought that, according to the 2nd Golden Rule, I wasn't supposed to do that...
Quote:
If you write a reply instead of editing, it looks to us as if your topic is already being worked on, and nobody takes care of you.
But since you have already replied, I can now add it as a new posting, right? ;-)
Thanks in advance for the feedback!

FRST:


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Thomas (administrator) on T-LAPTOP on 03-09-2014 10:09:50
Running from C:\Users\Thomas\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\DSL-Manager\DslMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\DSL-Manager\DslMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [DellConnectionManager] => C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1845248 2009-12-22] (Smith Micro Software, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2010-04-16] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2010-10-28] (Nero AG)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM\...\Run: [C:\Windows\system32\V0770Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0770Ext.ax
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368728 2014-05-23] (Microsoft Corp.)
HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [InfoCockpit] => C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-11-16] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-19\...\Run: [InfoCockpit] => C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-11-16] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-20\...\Run: [InfoCockpit] => C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-11-16] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [fsm] => [X]
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [] => [X]
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [SSync] => C:\Users\Thomas\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [SCheck] => C:\Users\Thomas\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [Snoozer] => C:\Users\Thomas\AppData\Roaming\Snz\Snz.exe [1628642 2014-08-03] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [Intermediate] => C:\Users\Thomas\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [Sixth] => C:\Users\Thomas\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-19] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Run: [Seventh] => C:\Users\Thomas\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-19] ()
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\MountPoints2: {2819f96f-66b6-11df-ab1a-0026b9bf5d36} - E:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Spyder3Utility.lnk
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\cwsm - Verknüpfung.lnk
ShortcutTarget: cwsm - Verknüpfung.lnk -> C:\Program Files\Klassisches Startmenü\cwsm.exe ()
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: McsShellOverlayUpload -> {0774B5A9-ADB5-4D3A-915F-72C7EF9CD262} => C:\Windows\system32\DTAG.Mediencenter.ShellExtension.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
GroupPolicyUsers\S-1-5-21-570751628-918466799-1238080868-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADE0ED5839FECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
URLSearchHook: HKLM - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {330DC6E0-1A5B-4AFE-8E50-297AF70CEC78} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File
BHO: Flagfox -> {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} -> C:\Users\Thomas\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
BHO: Hotspot Shield Toolbar -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - No Name - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} -  No File
Toolbar: HKLM - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Hotspot Shield Toolbar - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default
FF Homepage: https://startpage.com/do/search
FF Keyword.URL: hxxp://native-search.com/search.php?channel=de&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.1.0 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.1.0 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Thomas\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin HKCU: telekom.com/PagePlaceStarter -> C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Conduit Engine  - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\engine@conduit.com [2011-03-28]
FF Extension: Free Download Manager plugin - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13]
FF Extension: FoxyProxy Standard - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\foxyproxy@eric.h.jung [2014-02-04]
FF Extension: Flagfox - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\info@flagfox.net [2013-05-15]
FF Extension: Pocket - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\isreaditlater@ideashower.com [2014-07-03]
FF Extension: Gutscheinrausch.de - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\mail@gutscheinrausch.de [2012-02-11]
FF Extension: qtl - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\qtl.co.il@gmail.com [2011-03-19]
FF Extension: Garmin Communicator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-03-02]
FF Extension: Hotspot Shield Community Toolbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2013-07-15]
FF Extension: Firebug - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-17]
FF Extension: Telekom YouTube Turbo - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\info@maltegoetz.de.xpi [2011-09-08]
FF Extension: Advertising Cookie Opt-out - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\optout@google.com.xpi [2011-05-06]
FF Extension: Simple New Tab - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2011-04-20]
FF Extension: ImTranslator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-08-01]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Download Statusbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-29]
FF Extension: Greasemonkey - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-02]
FF Extension: Babylon Spelling and Proofreading - C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com [2014-07-30]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-07-30]
FF Extension: Babylon OCR - C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com [2014-07-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-30]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-09]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2011-03-13]
FF HKLM\...\Firefox\Extensions: [{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-05-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2014-09-03]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-12-11]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-11]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-09]
FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\extensions\mail@gutscheinrausch.de
FF HKCU\...\Thunderbird\Extensions: [{528bcd12-8e45-4595-96dd-c92c3989c536}] - C:\Program Files\WEB.DE MultiMessenger\ThunderbirdSyncProxy
FF Extension: Adressbuchanbindung*für*WEB.DE*MultiMessenger - C:\Program Files\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2010-05-29]

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
CHR StartupUrls: Default -> "hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11"
CHR DefaultSearchKeyword: Default -> fbdownloader search
CHR DefaultSearchProvider: Default -> FBDownloader Search
CHR DefaultSearchURL: Default -> hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (PagePlace Starter plugin) - C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (phonostar Detector) - C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR CustomProfile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (Flagfox) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-07-11]
CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (RealDownloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]
CHR HKLM\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Thomas\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [2013-04-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-03-23]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]
CHR HKCU\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [2013-06-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-05-23] (Microsoft Corp.)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [386848 2009-12-10] (Dell Inc.)
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
S3 GSService; C:\Windows\system32\GSService.exe [745472 2011-03-31] () [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [545576 2013-02-23] (AnchorFree Inc.)
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [453928 2013-02-23] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-02-22] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [389928 2013-02-23] ()
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) [File not signed]
R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-04] (Nero AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [31920 2012-03-23] ()
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [77312 2009-12-22] (Smith Micro Software, Inc.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4038656 2010-04-16] (Dell Inc.) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [16640 2010-12-30] (Wondershare) [File not signed]
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-04-16] (Broadcom Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-19] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [265800 2010-05-15] (EldoS Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-31] (Broadcom Corporation)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [281216 2008-12-19] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [356352 2008-12-19] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps.sys [77352 2009-01-08] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [14976 2008-12-19] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [14976 2008-12-19] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [365312 2008-12-19] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [409216 2008-12-19] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [25984 2008-12-19] (MCCI Corporation)
R3 d553scard; C:\Windows\System32\DRIVERS\d553scard.sys [49192 2009-04-06] (Dell)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [375424 2008-12-19] (MCCI Corporation)
R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140901.001\IDSvix86.sys [476888 2014-08-23] (Symantec Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140902.003\NAVENG.SYS [95704 2014-08-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140902.003\NAVEX15.SYS [1636696 2014-08-24] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2013-11-06] (Duplex Secure Ltd.)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [12288 2008-09-08] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-21] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [318584 2011-11-16] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 UDTT2BDA; C:\Windows\System32\Drivers\UDTT2BDA.sys [55040 2006-02-14] (DTV-DVB)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [325376 2012-06-01] (Creative Technology Ltd.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )
S3 APL531; System32\Drivers\ov550i.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 10:09 - 2014-09-03 10:09 - 00049577 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-09-03 10:07 - 2014-09-03 10:07 - 01096704 _____ (Farbar) C:\Users\Thomas\Desktop\FRST.exe
2014-09-02 17:45 - 2014-09-02 17:45 - 00081268 _____ () C:\Users\Thomas\Desktop\GMER.log
2014-09-02 13:07 - 2014-09-02 13:07 - 00380416 _____ () C:\Users\Thomas\Desktop\Gmer-19357.exe
2014-09-02 12:45 - 2014-09-02 12:45 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Seventh
2014-09-02 12:39 - 2014-09-02 12:40 - 00000584 _____ () C:\Users\Thomas\Desktop\defogger_disable.log
2014-09-02 12:39 - 2014-09-02 12:40 - 00000020 _____ () C:\Users\Thomas\defogger_reenable
2014-09-02 12:38 - 2014-09-02 12:38 - 00050477 _____ () C:\Users\Thomas\Desktop\Defogger.exe
2014-08-30 09:55 - 2014-09-03 00:14 - 00000000 ____D () C:\Users\Thomas\Desktop\Geburtstag Josef
2014-08-30 09:55 - 2014-09-03 00:10 - 00000000 ____D () C:\Users\Thomas\Desktop\KiFePro Kegeln & Badminton
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Oracle
2014-08-28 09:22 - 2014-08-28 09:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-28 09:22 - 2014-08-28 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-28 09:21 - 2014-08-28 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Java
2014-08-27 20:05 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:05 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 20:04 - 2014-08-25 20:04 - 06052529 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-23 14:05 - 2014-08-23 14:05 - 00002007 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2014-08-22 01:46 - 2014-08-22 01:47 - 01020120 _____ () C:\Windows\Minidump\082214-46098-01.dmp
2014-08-21 03:47 - 2014-08-21 03:48 - 00420336 _____ () C:\Windows\Minidump\082114-62650-01.dmp
2014-08-21 01:20 - 2014-08-21 01:21 - 00433320 _____ () C:\Windows\Minidump\082114-59982-01.dmp
2014-08-21 01:19 - 2014-08-22 01:46 - 692794621 _____ () C:\Windows\MEMORY.DMP
2014-08-15 08:03 - 2014-09-03 09:35 - 00015064 _____ () C:\Windows\setupact.log
2014-08-15 08:03 - 2014-08-15 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 08:02 - 2014-09-02 17:51 - 00004776 _____ () C:\Windows\PFRO.log
2014-08-14 13:50 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 13:50 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 13:50 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 13:48 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 13:48 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 13:48 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 13:48 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 13:48 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 13:48 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 13:48 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 13:48 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 13:48 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 13:48 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 13:48 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 13:48 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 13:48 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 13:48 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 13:48 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 13:48 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 13:48 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 13:48 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 13:48 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 13:48 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 13:48 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 13:48 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 13:48 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 13:48 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 13:48 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 13:48 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 13:48 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 13:48 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 13:48 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 13:48 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 12:27 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 12:27 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 12:27 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 12:27 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 12:27 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 12:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 12:26 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 12:26 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-14 12:26 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 12:26 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 12:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 12:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 12:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-11 01:41 - 2014-09-01 18:26 - 00000079 _____ () C:\Users\Thomas\Desktop\Testspiel.txt
2014-08-05 23:04 - 2014-08-05 23:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-05 23:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 23:35 - 2014-08-04 23:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Snz
2014-08-04 23:35 - 2014-08-04 23:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Sixth
2014-08-04 00:29 - 2014-08-04 00:29 - 06004615 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.2_win32-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 10:10 - 2014-09-03 10:09 - 00049577 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-09-03 10:10 - 2013-11-25 01:42 - 00000000 ____D () C:\FRST
2014-09-03 10:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-03 10:07 - 2014-09-03 10:07 - 01096704 _____ (Farbar) C:\Users\Thomas\Desktop\FRST.exe
2014-09-03 09:46 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 09:46 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 09:44 - 2010-05-17 20:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Software Informer
2014-09-03 09:38 - 2012-04-06 12:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 09:38 - 2010-05-12 20:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 09:35 - 2014-08-15 08:03 - 00015064 _____ () C:\Windows\setupact.log
2014-09-03 09:35 - 2011-02-13 11:01 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-03 09:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 09:33 - 2009-07-14 06:55 - 01809065 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 09:28 - 2010-05-12 20:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 02:02 - 2014-07-02 17:44 - 00000000 ____D () C:\Users\Thomas\Desktop\z_Schauturnen 2014
2014-09-03 01:52 - 2014-07-18 20:29 - 00000000 ____D () C:\Users\Thomas\Desktop\Sportabzeichen 2014
2014-09-03 01:49 - 2014-07-21 21:07 - 00000000 ____D () C:\Users\Thomas\Desktop\kegeln
2014-09-03 01:13 - 2014-04-19 09:26 - 00000000 ____D () C:\Users\Thomas\Desktop\DAV
2014-09-03 01:04 - 2010-04-28 22:13 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FileZilla
2014-09-03 00:14 - 2014-08-30 09:55 - 00000000 ____D () C:\Users\Thomas\Desktop\Geburtstag Josef
2014-09-03 00:10 - 2014-08-30 09:55 - 00000000 ____D () C:\Users\Thomas\Desktop\KiFePro Kegeln & Badminton
2014-09-02 23:36 - 2010-05-12 20:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\XnView
2014-09-02 17:51 - 2014-08-15 08:02 - 00004776 _____ () C:\Windows\PFRO.log
2014-09-02 17:45 - 2014-09-02 17:45 - 00081268 _____ () C:\Users\Thomas\Desktop\GMER.log
2014-09-02 13:53 - 2010-05-14 23:52 - 00000000 ____D () C:\Fotos
2014-09-02 13:07 - 2014-09-02 13:07 - 00380416 _____ () C:\Users\Thomas\Desktop\Gmer-19357.exe
2014-09-02 12:45 - 2014-09-02 12:45 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Seventh
2014-09-02 12:40 - 2014-09-02 12:39 - 00000584 _____ () C:\Users\Thomas\Desktop\defogger_disable.log
2014-09-02 12:40 - 2014-09-02 12:39 - 00000020 _____ () C:\Users\Thomas\defogger_reenable
2014-09-02 12:39 - 2010-04-27 20:18 - 00000000 ____D () C:\Users\Thomas
2014-09-02 12:38 - 2014-09-02 12:38 - 00050477 _____ () C:\Users\Thomas\Desktop\Defogger.exe
2014-09-02 11:17 - 2010-07-08 20:20 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-09-02 00:07 - 2011-11-02 10:20 - 00000600 _____ () C:\Users\Thomas\AppData\Local\PUTTY.RND
2014-09-01 22:52 - 2010-04-16 15:51 - 00006478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 18:26 - 2014-08-11 01:41 - 00000079 _____ () C:\Users\Thomas\Desktop\Testspiel.txt
2014-08-30 10:30 - 2010-05-12 22:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GSAK
2014-08-30 00:38 - 2010-05-13 21:43 - 00000000 ____D () C:\Privat
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Oracle
2014-08-28 10:35 - 2013-10-18 14:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-28 09:22 - 2014-08-28 09:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-28 09:21 - 2014-08-28 09:22 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-28 09:21 - 2014-08-28 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Java
2014-08-28 09:21 - 2010-06-09 07:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-08-28 09:21 - 2010-04-16 15:43 - 00000000 ____D () C:\Program Files\Java
2014-08-28 08:29 - 2009-07-14 06:33 - 00487672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 20:05 - 2013-08-15 11:24 - 00001731 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-25 20:05 - 2013-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\FileZilla FTP Client
2014-08-25 20:05 - 2010-04-28 22:13 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-25 20:04 - 2014-08-25 20:04 - 06052529 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-23 14:06 - 2013-03-11 01:39 - 00000000 ____D () C:\Users\Thomas\.gimp-2.8
2014-08-23 14:05 - 2014-08-23 14:05 - 00002007 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2014-08-23 03:46 - 2014-08-27 20:05 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-27 20:05 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 01:47 - 2014-08-22 01:46 - 01020120 _____ () C:\Windows\Minidump\082214-46098-01.dmp
2014-08-22 01:46 - 2014-08-21 01:19 - 692794621 _____ () C:\Windows\MEMORY.DMP
2014-08-22 01:46 - 2010-12-05 22:45 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 22:39 - 2010-06-25 01:56 - 00007652 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2014-08-21 03:48 - 2014-08-21 03:47 - 00420336 _____ () C:\Windows\Minidump\082114-62650-01.dmp
2014-08-21 01:21 - 2014-08-21 01:20 - 00433320 _____ () C:\Windows\Minidump\082114-59982-01.dmp
2014-08-17 22:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 21:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 08:03 - 2014-08-15 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 23:50 - 2013-03-03 18:46 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup
2014-08-14 23:50 - 2010-06-10 08:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup
2014-08-14 23:50 - 2010-06-09 07:46 - 00000000 ____D () C:\Windows\pss
2014-08-14 23:23 - 2010-04-29 22:13 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CWSM
2014-08-14 21:44 - 2012-10-14 12:55 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox
2014-08-14 19:24 - 2010-06-09 07:38 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 15:49 - 2014-04-30 10:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-14 14:13 - 2013-07-27 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 13:55 - 2010-04-28 21:03 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 18:13 - 2011-01-05 18:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-08-08 17:24 - 2013-07-22 10:33 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SCheck
2014-08-07 03:43 - 2014-08-14 12:27 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-14 12:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 00:10 - 2013-07-22 10:33 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DataMgr
2014-08-05 23:07 - 2014-08-05 23:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2013-09-10 13:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-05 23:04 - 2011-10-30 03:42 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes
2014-08-05 23:04 - 2011-10-30 03:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-05 22:50 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-04 23:35 - 2014-08-04 23:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Snz
2014-08-04 23:35 - 2014-08-04 23:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Sixth
2014-08-04 00:29 - 2014-08-04 00:29 - 06004615 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.2_win32-setup.exe

Files to move or delete:
====================
C:\Users\Thomas\CTX.DAT
C:\Users\Thomas\spielbericht_setup.exe


Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 11:24

==================== End Of Log ============================
         

03.09.2014, 10:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the Addition.txt logfile as well.
__________________
Please always post logs in CODE tags

03.09.2014, 10:51   #5
Thomas08

Where do I get that from? FRST did not create an Addition.txt on my desktop.

By the way, FRST could only be run after I had disabled Norton (and, of course, disconnected from the Internet to do so), because it considers FRST "dangerous". Could that be related?


03.09.2014, 10:52   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It's a false alarm.

Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.

03.09.2014, 11:31   #7
Thomas08

Thanks, that worked.

Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014
Ran by Thomas at 2014-09-03 12:27:07
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee 5.0 Standard (HKLM\...\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}) (Version: 5.0.0 - ACD Systems Ltd)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AFPL Ghostscript 7.33 (HKLM\...\AFPL Ghostscript 7.33) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AKVIS Noise Buster (HKLM\...\{C9EC7502-3B5F-4A27-BF88-6002F556CDAF}) (Version: 8.0.2682.7927 - AKVIS)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
AquaSoft "DiaShow 6 für YouTube" (HKLM\...\{7EB405E9-073D-4407-B70A-40F047766C03}_is1) (Version: 6.6.2.31049 - AquaSoft GmbH)
AquaSoft "DiaShow 7 für YouTube" (HKLM\...\{9DFDD0C5-5AC1-484B-ACF8-0F3E1041750B}_is1) (Version: 7.7.11.35343 - AquaSoft GmbH)
AquaSoft DiaShow 6 for YouTube (HKLM\...\AquaSoft DiaShow 6 for YouTube) (Version: 6.6.01 - AquaSoft)
AquaSoft DiaShow 6 for YouTube (Version: 6.6.01 - AquaSoft) Hidden
AquaSoft DiaShow 7 Ultimate (HKLM\...\AquaSoft DiaShow 7 Ultimate) (Version: 7.7.11 - AquaSoft)
AquaSoft DiaShow 7 Ultimate (Version: 7.7.11 - AquaSoft) Hidden
AquaSoft DiaShow 8 Ultimate (HKLM\...\AquaSoft DiaShow 8 Ultimate) (Version: 8.4.03 - AquaSoft)
AquaSoft DiaShow 8 Ultimate (Version: 8.4.03 - AquaSoft) Hidden
AquaSoft DiaShow Deluxe 6 (HKLM\...\AquaSoft DiaShow Deluxe 6) (Version: 6.6.01 - AquaSoft)
AquaSoft DiaShow Deluxe 6 (Version: 6.6.01 - AquaSoft) Hidden
AquaSoft DiaShow XP five (HKLM\...\AquaSoft DiaShow XP five) (Version:  - AquaSoft)
AquaSoft DiaShow XP five (Version: 5.7.03 - AquaSoft) Hidden
AquaSoft Earth Pilot (HKLM\...\AquaSoft Earth Pilot) (Version: 7.2.04 - AquaSoft)
AquaSoft Earth Pilot (Version: 7.2.04 - AquaSoft) Hidden
AquaSoft PhotoFlash 2 (HKLM\...\AquaSoft PhotoFlash 2) (Version:  - AquaSoft)
AquaSoft PhotoFlash 2 (Version: 2.0.08 - AquaSoft) Hidden
AquaSoft ScreenShow 2 (HKLM\...\AquaSoft ScreenShow 2) (Version:  - AquaSoft)
AquaSoft ScreenShow 2 (Version: 2.2.04 - AquaSoft) Hidden
AquaSoft WebShow 3 (HKLM\...\AquaSoft WebShow 3) (Version:  - AquaSoft)
AquaSoft WebShow 3 (Version: 3.2.08 - AquaSoft) Hidden
AquaSoftware Eyedestructor 1.501 (HKLM\...\AquaSoftware Eyedestructor 1.501) (Version: 1.501 - AquaSoftware)
Arbeitszeugnis,  Version 2.95 (HKLM\...\{2FAAECD0-1929-11DA-6784-006853A418BE}) (Version: 2.95 - ZIEL GmbH, Tutzing)
ArcSoft PhotoImpression 6 (HKLM\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.146 - ArcSoft)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
Auerswald COMlist 2.5.2 (HKLM\...\{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}) (Version: 2.5.2 - Auerswald GmbH & Co.KG)
Auerswald COMset 2.7.2 (HKLM\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)
Auerswald COMtools 2.3.2 (HKLM\...\{CEDE5E8A-37C3-40C7-8F9C-7D0E70DA0C9E}) (Version: 2.3.2 - Auerswald GmbH & Co.KG)
Auerswald D-Kanal Dekoder 2.3.1 Beta (HKLM\...\{FD13E4C2-46BF-4A25-AC78-1390EB55F2BB}) (Version: 2.3.1 Beta - Auerswald GmbH & Co.KG)
Auerswald UNI TSP Treiber (HKLM\...\Auerswald UNI TSP Treiber) (Version:  - )
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Babylon (HKLM\...\Babylon) (Version:  - Babylon)
bcTester 4.8 (de) (HKLM\...\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}) (Version: 1.0.0 - QS QualitySoft GmbH)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.466.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco Configuration Professional (HKLM\...\{29342492-9F4F-4089-866A-10D801B610FD}) (Version: 1.2 - Cisco Systems)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3 (HKLM\...\Cisco Packet Tracer 5.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Cisco WebEx Meeting Center für Firefox oder Chrome (HKLM\...\{78A04242-B25C-401E-AB57-5F6FCF52A84F}) (Version: 8.29.3207 - Cisco WebEx LLC)
Cisco WebEx Meeting Center für Internet Explorer (HKLM\...\{2E29B1BA-5CBB-4863-8291-C6B31AFAEBDC}) (Version: 8.29.3207 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
CrystalDiskInfo 5.6.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Data Sync (HKLM\...\{A4DCAA77-151D-4CE9-8D79-E4ADB48031A2}) (Version: 6.74.14.01 - T-Mobile)
DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{4983285C-1314-4BC1-9413-E7BA60E34120}) (Version: 0.9.6.0 - Google Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dell 5530 Wireless Broadband Package (HKLM\...\{2DCEFEFF-7831-4D79-BC28-11D1B8D7E076}) (Version: 1.0.11.13 - Dell)
Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell ControlPoint Connection Manager (HKLM\...\{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}) (Version: 1.4.0 - Ihr Firmenname)
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{057159C5-3B94-4E36-9271-11615618CACE}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.230 - ALPS ELECTRIC CO., LTD.)
Designer 2.0 (HKLM\...\Designer 2.0_is1) (Version: 7.8.2 - Fomanu AG)
DHL Versandhelfer (HKLM\...\{93B104F0-1AFA-4BBD-B95E-9EA4F9F5AD41}) (Version:  - )
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Document Manager Lite (Version: 06.09.00.147 - Ihr Firmenname) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.44 - Dell Inc.)
Elements 10 Organizer (Version: 10.0 - Ihr Firmenname) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.3.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007 - 2008 NE (HKLM\...\ElsterFormular 2007 - 2008 NE 2007-2008) (Version: 2007-2008 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008 - 2009 (HKLM\...\ElsterFormular 2008 - 2009 2008-2009) (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
EMBASSY Security Center (Version: 04.00.00.071 - Ihr Firmenname) Hidden
EMBASSY Security Setup (Version: 04.00.00.058 - Ihr Firmenname) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Ihr Firmenname) Hidden
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
Eumex RNDIS Driver V1.00 (HKLM\...\{343D7D01-B6D6-4591-B91D-8C887B9FC112}) (Version: 1.00.0000 - Ihr Firmenname)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FileZilla Client 3.9.0.3 (HKLM\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
FixFoto 3.02 (HKLM\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
FotoMorph version 13.2.5 (HKLM\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.2.5 - Digital Photo Software)
Free Download Manager 3.0 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free DVD Video Burner version 3.2.7.1219 (HKLM\...\Free DVD Video Burner_is1) (Version: 3.2.7.1219 - DVDVideoSoft Ltd.)
Free PDF Converter (HKLM\...\Free PDF Converter_is1) (Version:  - Baltsoft)
Free Video Converter (HKLM\...\Free Video Converter) (Version: 1.0.1.4 - Extensoft)
Free Video to MP3 Converter version 5.0.30.1029 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.8.717 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.8.717 - DVDVideoSoft Ltd.)
Freemake Music Box (HKLM\...\Freemake Music Box_is1) (Version: 1.0.0 - Ellora Assets Corporation)
FRITZ!Box (HKLM\...\AVMFBox) (Version:  - )
Garmin POI Loader (HKLM\...\{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}) (Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GNS3 0.7.4 (HKLM\...\GNS3) (Version: 0.7.4 - )
GNS3 VirtualBox Edition (HKLM\...\GNS3 VirtualBox Edition_is1) (Version:  - )
Google Advertising Cookie Opt-out (HKLM\...\{291820D0-A626-40F9-BDFF-8D5CEAB04243}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Chrome Frame (HKLM\...\{CD4ABC29-0547-388C-B8BC-EF88333E5C2E}) (Version: 65.119.72 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
GSAK 8.4.0.0 (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
GutscheinRausch.de - AddOn für Firefox (HKLM\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
Hotspot Shield 2.88 (HKLM\...\HotspotShield) (Version: 2.88 - AnchorFree)
Hotspot Shield Toolbar (HKLM\...\Hotspot_Shield Toolbar) (Version: 6.8.9.0 - Hotspot Shield) <==== ATTENTION
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Inkscape 0.48.0 (HKLM\...\Inkscape) (Version: 0.48.0 - )
Inpaint 5.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
inSSIDer (HKLM\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
inSSIDer (HKLM\...\{C7DEE429-4C9B-4126-894F-50B4F54FF196}) (Version: 1.2.8 - MetaGeek, LLC)
inSSIDer 3 (HKLM\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Network Connections 14.6.9.0 (HKLM\...\PROSetDX) (Version: 14.6.9.0 - Dell)
Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0 - Dell) Hidden
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JLC's Internet TV (HKLM\...\JLC's Internet TV) (Version:  - )
JRE 1.6.1 (HKLM\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
KaraokeMedia Home PC (Version: 1.0.0 - ECLIPSE PRODUCCIONES S.L) Hidden
Kastor Free Vimeo Downloader V 2.0 (HKLM\...\Kastor Free Vimeo Downloader_is1) (Version: 2.0.0.0 - KastorSoft)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG NAS Installation Wizard (HKLM\...\{8F1D1ADF-E009-4654-AD7A-C82D3D4606B3}) (Version: 1.0.1111.0401 - LG Electronics Inc.)
LG NASMonitor (HKLM\...\{ED1A63BB-5646-4BF9-BD2F-7CDDFE24FE78}) (Version: 1.00.0000 - LG Electronics Inc.)
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
LogMeTT 2.9.9 (HKLM\...\{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1) (Version:  - LogMeTT.com)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Buddy 1.7.1 (HKLM\...\{AD98E3F2-3AC5-47f1-8DD3-473BF3AF3D3E}_is1) (Version:  - Ramka Ltd.)
Mediencenter 3.2.0.1004 (HKCU\...\Mediencenter) (Version: 3.2.0.1004 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.6.0.1277 - Telekom)
Medienkatalog Landesmediendienste Bayern (HKLM\...\{96E9847F-EE8A-4C31-9094-0688E1A339BE}) (Version: 1.00.0000 - Landesmediendienste Bayern)
Meine CEWE FOTOWELT (HKLM\...\Meine CEWE FOTOWELT) (Version:  - )
Meine Dienste Software (HKLM\...\Meine Dienste Software) (Version: 1.0.2.3 - Telekom)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft FrontPage 2000 (HKLM\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! 2000 (HKLM\...\{E78FC917-C21B-11D2-99FE-00105A98B681}) (Version: 4.0.0.0 - Microsoft)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft Works 2000 (HKLM\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft Works 2000-Setup-Start (HKLM\...\Works2kSetup) (Version:  - )
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
MovieSaver*3.0 (HKLM\...\{F30787F6-EA4F-4BC8-0001-398BDCC33E1E}) (Version: 3.0.11.1100 - Engelmann Media GmbH)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11300.14.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero BackItUp and Burn Essentials (HKLM\...\{C6A5D6E2-19B4-4005-9670-C4D36C3AD55A}) (Version: 10.5.10200 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.17800.8.5 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11500.17.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 10.5.10200 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Update (Version: 11.0.11400.27.0 - Nero AG) Hidden
Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version:  - Nicolas Kruse)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nmap 5.51 (HKLM\...\Nmap) (Version:  - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Nokia Connectivity Cable Driver (HKLM\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia)
Nokia Music Player (HKLM\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}) (Version: 02.05.001.42279 - Nokia Corporation)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
Norton 360 (HKLM\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
ODBC (HKLM\...\ODBC) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PagePlace (HKLM\...\PagePlace) (Version:  - )
Pass4sure Questions and Answers for Cisco 640-802 (HKLM\...\{6B1735C1-0B7E-45D7-B5C3-A5B853734A95}) (Version: 9.4.13241 - Pass4sure)
PC Connectivity Solution (HKLM\...\{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}) (Version: 11.4.15.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
pdfforge Images2PDF 0.9.2.546 (HKLM\...\{00120495-F25C-4F44-9DC7-2D812D025DBA}) (Version: 0.9.2.546 - pdfforge GbR)
pdfforge Toolbar v4.6 (HKLM\...\{E6098043-1183-4580-89EF-423CBF807188}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
PDF-XChange Editor (HKLM\...\{87738bc6-bdf0-4e55-86b5-32ddece8f51d}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.5.308.2 - Tracker Software Products Ltd)
phonostar-Player Version 3.03.2 (HKLM\...\phonostar3RadioPlayer_is1) (Version:  - )
Photomatix Pro version 3.2.5 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.5 - HDRsoft Sarl)
PiccShare (HKCU\...\PiccShare) (Version: 2.0 - HTTO Group Ltd)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Ihr Firmenname) Hidden
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Python 2.6.6 (HKLM\...\{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}) (Version: 2.6.6150 - Python Software Foundation)
QIP 2010 3.1.5890 (HKCU\...\QIP 2010) (Version: 3.1.5890 - )
RealDownloader (HKLM\...\{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}) (Version: 1.1.0 - RealNetworks, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.41 - Piriform)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scribus 1.3.8 (HKLM\...\Scribus 1.3.8) (Version: 1.3.8 - The Scribus Team)
Security Wizards (Version: 01.07.00.023 - Ihr Firmenname) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008) (HKLM\...\sm-un1.u32) (Version:  - SoftMaker Software GmbH)
Software Informer 1.0 BETA (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Sony Ericsson MD400 Wireless Modem (HKLM\...\{EC2CE4B8-AA11-4A11-B494-FCF248A24BDC}) (Version: 4.50.0.0 - Sony Ericsson)
Sony Ericsson Wireless Manager 5 (HKLM\...\{D2C6DAC2-6AB2-4749-8AAF-538AFF5A981A}) (Version: 5.3.2076.12 - Sony Ericsson)
Sportwinner! Kegeln Spielbericht (HKLM\...\{E39396F6-CA9D-40B8-972B-527879548A9E}_is1) (Version: 5.0.574 - Sportwinner Software)
Sportwinner! Spielbericht Classic 2.2 (HKLM\...\{E47B3433-C366-40C1-B8BE-1F7894C4A2BC}_is1) (Version: 2.2.8.007 - Sportwinner Software)
Spyder3Express (HKLM\...\Spyder3Express) (Version:  - )
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version:  - )
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
t@x 2011 (HKLM\...\{B0414A3B-3AE3-47B8-8FC0-2129781FF425}) (Version: 18.00.6928 - Buhl Data Service GmbH)
t@x 2012 (HKLM\...\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}) (Version: 19.00.7303 - Buhl Data Service GmbH)
t@x 2014 (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Telekom Fotoservice (HKLM\...\Telekom Fotoservice) (Version:  - )
Tera Term 4.71 (HKLM\...\Tera Term_is1) (Version:  - )
T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version:  - )
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Top50 Viewer (HKLM\...\DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Total Network Monitor 1.1.3 (build 1550) (HKLM\...\Total Network Monitor_is1) (Version: 1.1.3.1550 - Softinventive Lab Inc.)
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
TTLEditor 1.2.1 (HKLM\...\{A1BFEB7F-3126-4F60-9CFD-8D4FC1B87BEB}_is1) (Version:  - LogMeTT.com)
UFRaw 0.17 (HKLM\...\UFRaw_is1) (Version:  - Udi Fuchs)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Urwigo (HKCU\...\d3b4051a8f45e697) (Version: 1.20.0.141 - Urwigo)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wartung Samsung CLP-320 Series (HKLM\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Ihr Firmenname) Hidden
WEB.DE MultiMessenger (HKLM\...\WEB.DE MultiMessenger) (Version: 3.70.2816 - WEB.DE GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.6.3 (HKLM\...\Wireshark) (Version: 1.6.3 - The Wireshark developer community, hxxp://www.wireshark.org)
WordToPDF 2.9 (HKLM\...\WordToPDF_is1) (Version: 2.9 - Mario Noack)
XAMPP (HKLM\...\xampp) (Version: 1.8.3-4 - Bitnami)
XMind 2012 (v3.3.1) (HKLM\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
XnView 2.04 (HKLM\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0AF398C8-E8E1-3f76-048e-f571fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0CD1A340-7FAB-e957-ec61-dfe7fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0E7589F8-3F4A-96f7-9eb0-536cfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{109D12C4-4EB6-3087-a122-088bfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{14F94215-CA07-4CA0-B451-E5D78B68CC58}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelper.dll (Protect Disc GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{17A833B2-F647-bf85-4b5a-5359fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{2EE319C4-8593-7585-c5c3-e6fcfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{3801CA43-C9A5-70d8-4de3-8ca8fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{3A952499-3A8C-e7a4-3247-bb3bfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4735E322-568B-bede-1b74-b74ffdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4C735EC7-E94E-f34a-1161-113efdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4C756328-2F47-451b-c7f6-4cd5fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4CC24160-A50F-bfce-e8eb-7759fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{55cbb4a1-515f-5947-9e5e-931ec3e954ea}\InprocServer32 -> C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{65027E39-AEAF-7f8d-f1d6-97e6fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{6E38DC65-4180-bb0c-3eaf-33b6fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{71B4EE53-E932-1aed-6231-e750fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1216\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{8A291A46-46B3-61fd-1f38-3563fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{8E932745-E80C-700c-fa66-132afdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{9dc26434-2a46-4bbe-9056-064b0332e30d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{AACA9EA2-6F92-00a8-6d06-8ad4fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{F6D87F96-D010-e9a4-905c-c7fffdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{F78FB21B-A447-4d72-4938-bec9fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FDECAF97-6F7B-1cb5-a796-c627fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FF9D234C-A355-434E-893A-CCA6F40EC29D}\localserver32 -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe (Protect GmbH)

==================== Restore Points  =========================

27-08-2014 18:05:56 Windows Update
28-08-2014 07:18:56 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {031657FD-5920-438F-952E-1197BBDDB8AF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {11E1F26A-7526-4A67-9EF2-C94917408416} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {21861499-90D6-4945-B795-3996158B8100} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-03-23] (RealNetworks, Inc.)
Task: {2688E3A7-7B43-4D86-A793-1B173D1C3BAA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {391C1F85-B0F9-4E65-909A-934330812CB1} - System32\Tasks\Launch 16887 => C:\Program Files\T-Mobile\Data Sync\Voxsync.exe [2011-11-18] ()
Task: {465B2053-680B-477D-B7BC-26CB81C0AE78} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6BEE6D14-F2E5-4793-A239-ECA5EA761C63} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23] (RealNetworks, Inc.)
Task: {801E8B8D-812D-4C5C-BC0E-2A9C9EF90272} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23] (RealNetworks, Inc.)
Task: {821435E9-4802-472A-9294-1104D148EA33} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8FD3795C-95E0-4A8C-B3F7-94AA8DD62BED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-12] (Google Inc.)
Task: {A15B6DF8-8CBE-4B3A-B639-7A649303BA0B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BA11644D-D0A6-423B-82B0-E120352B4237} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {C08B4FC5-D181-4E04-8225-3F9C97729248} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {C22AE53B-6B85-4111-966D-F2D9F46090F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-12] (Google Inc.)
Task: {CC2259B4-C9F0-41C0-A29D-2D276794E4D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {D77F7426-113C-4629-B4BA-0505EE95F6BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D83058F4-D882-413B-856F-B4521204102F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E012B980-D2C5-4973-9F01-F0042663B099} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

1997-03-04 00:00 - 1997-03-04 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2008-10-14 16:47 - 2008-10-14 16:47 - 00106496 ____R () C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
2010-04-16 15:50 - 2010-04-16 15:50 - 00026112 _____ () C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
2010-04-28 21:41 - 2010-04-28 21:41 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2011-06-21 08:42 - 2011-06-21 08:42 - 00024064 _____ () C:\Windows\System32\sst3cl3.dll
2014-01-23 02:42 - 2013-10-17 17:32 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2009-12-22 11:21 - 2009-12-22 11:21 - 00128512 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMBIOSController.dll
2009-12-22 11:16 - 2009-12-22 11:16 - 00356352 ____R () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\wmcoreapi-c.dll
2009-12-22 11:23 - 2009-12-22 11:23 - 01211904 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMILANDW.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2013-02-23 03:32 - 2013-02-23 03:32 - 00702248 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2013-02-23 03:33 - 2013-02-23 03:33 - 00389928 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-08-13 16:09 - 2014-08-13 16:09 - 00035328 _____ () C:\Programme\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Programme\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Programme\FileZilla FTP Client\libstdc++-6.dll
2010-10-19 09:31 - 2010-10-19 09:31 - 00159744 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver\SoftplugLib.DLL
2012-03-23 12:31 - 2012-03-23 12:31 - 00031920 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-07-04 23:32 - 2010-07-04 23:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-05-12 20:53 - 2011-06-21 09:09 - 01662976 _____ () C:\Program Files\XnView\ShellEx\XnViewShellExt.dll
2009-11-19 15:48 - 2009-11-19 15:48 - 00278528 _____ () C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
2009-11-19 15:47 - 2009-11-19 15:47 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2009-11-13 08:17 - 2009-11-13 08:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:29 - 2008-11-12 13:29 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll
2009-12-22 11:19 - 2009-12-22 11:19 - 00573440 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 06798714 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe
2009-08-11 10:19 - 2009-08-11 10:19 - 00135168 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00147456 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00897024 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00098304 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00762368 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00335872 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00131072 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00028672 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00025600 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2010-07-04 21:51 - 2010-07-04 21:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-06-10 21:45 - 2014-06-10 21:46 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-10 21:45 - 2014-06-10 21:46 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-10 21:45 - 2014-06-10 21:46 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-07-30 21:30 - 2014-07-30 21:31 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 22:38 - 2014-07-08 22:38 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:04853F41
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^cwsm - Verknüpfung.lnk => C:\Windows\pss\cwsm - Verknüpfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^DSL-Manager.lnk => C:\Windows\pss\DSL-Manager.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: iSaverCtrl => C:\Program Files\iSaver\iSaverCtrl.exe --startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
MSCONFIG\startupreg: phonostar-PlayerTimer => "C:\Program Files\phonostar-Player\phonostarTimer.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Thomas\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: T-Home Dialerschutz-Software => "C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe"
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 05:26:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/02/2014 11:17:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0, Zeitstempel: 0x4c1c2372
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001009
ID des fehlerhaften Prozesses: 0x13f4
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (09/01/2014 10:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/01/2014 10:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/01/2014 10:52:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/01/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/01/2014 06:19:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/01/2014 06:19:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/01/2014 06:19:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/31/2014 10:19:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.60.18.8, Zeitstempel: 0x4a8f3820
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x040b5ffc
ID des fehlerhaften Prozesses: 0x634
Startzeit der fehlerhaften Anwendung: 0xbcmwltry.exe0
Pfad der fehlerhaften Anwendung: bcmwltry.exe1
Pfad des fehlerhaften Moduls: bcmwltry.exe2
Berichtskennung: bcmwltry.exe3


System errors:
=============
Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00

Error: (09/03/2014 09:37:54 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00


Microsoft Office Sessions:
=========================
Error: (09/02/2014 05:26:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\programdata\WebEx\WebEx\1125\CiscoWebExImporting.exec:\programdata\WebEx\WebEx\1125\Microsoft.VC90.CRT.MANIFEST11

Error: (09/02/2014 11:17:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c00000050000100913f401cfc68ae182f7a9C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXEunknowne574bca3-3281-11e4-8ea0-b93f4776a969

Error: (09/01/2014 10:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/01/2014 10:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/01/2014 10:52:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/01/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/01/2014 06:19:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/01/2014 06:19:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/01/2014 06:19:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/31/2014 10:19:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bcmwltry.exe5.60.18.84a8f3820unknown0.0.0.000000000c0000005040b5ffc63401cfc4f3df5c3474C:\Program Files\Dell\DW WLAN Card\bcmwltry.exeunknown90e43ffd-30e7-11e4-8376-840164fb4591


CodeIntegrity Errors:
===================================
  Date: 2014-09-03 11:20:22.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 10:47:14.282
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 10:21:13.548
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 02:08:37.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 02:03:17.804
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 23:37:07.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 23:09:19.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 22:53:14.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 21:42:50.906
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 21:32:13.135
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 56%
Total physical RAM: 3535.9 MB
Available physical RAM: 1528.66 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 4455.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.86 GB) (Free:56.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

03.09.2014, 11:34   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Is this a commercially used system?
__________________
Please always post logs in CODE tags

03.09.2014, 11:43   #9
Thomas08



No, it's my private laptop.

The question presumably comes up partly because of the Auerswald programs... I look after the technical equipment of our club as a volunteer and installed them for that at some point. It is a legal installation, though, since it is freely available from the manufacturer.

03.09.2014, 11:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



OK, thanks for the information. I only ask about commercial use because the logs could contain sensitive customer data; besides, we do not support office machines behind the back of the company IT responsible for them (if there is an in-house IT department).

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post logs in CODE tags

03.09.2014, 13:02   #11
Thomas08



Combofix:

Code:
ATTFilter
ComboFix 14-08-31.01 - Thomas 03.09.2014  13:13:23.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3536.2116 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\UNWISE.EXE
c:\users\Thomas\AppData\Local\ext_piccshare_uninst.exe
c:\users\Thomas\AppData\Local\lame_enc.dll
c:\users\Thomas\AppData\Local\no23xwrapper.dll
c:\users\Thomas\AppData\Local\ogg.dll
c:\users\Thomas\AppData\Local\vorbis.dll
c:\users\Thomas\AppData\Local\vorbisenc.dll
c:\users\Thomas\AppData\Local\vorbisfile.dll
c:\users\Thomas\AppData\LocalLow\Flagfox\IE\FlAGfox.dll
c:\users\Thomas\AppData\Roaming\Microsoft\~DFKd69734.tmp
c:\users\Thomas\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Thomas\AppData\Roaming\Microsoft\bass.dll
c:\users\Thomas\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Thomas\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Thomas\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Thomas\AppData\Roaming\Seventh\Seventh.exe
c:\users\Thomas\g2mdlhlpx.exe
c:\windows\IsUn0407.exe
c:\windows\system32\test
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-03 bis 2014-09-03  ))))))))))))))))))))))))))))))
.
.
2014-09-03 11:26 . 2014-09-03 11:26	--------	d-----w-	c:\users\Präsentation\AppData\Local\temp
2014-08-28 08:38 . 2014-08-28 08:38	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Oracle
2014-08-28 07:22 . 2014-08-28 07:22	--------	d-----w-	c:\program files\Common Files\Java
2014-08-28 07:21 . 2014-08-28 07:21	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-08-27 18:05 . 2014-08-23 01:46	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-27 18:05 . 2014-08-23 00:42	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-08-14 11:50 . 2014-03-09 21:47	99480	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 11:50 . 2014-06-30 22:14	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 11:50 . 2014-03-09 21:47	619672	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 11:50 . 2014-06-06 06:16	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-14 10:27 . 2014-08-07 01:43	412160	----a-w-	c:\windows\system32\aepdu.dll
2014-08-14 10:27 . 2014-08-07 01:39	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-08-14 10:27 . 2014-07-14 01:42	654336	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-05 21:04 . 2014-08-05 21:07	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-05 21:04 . 2014-08-05 21:04	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-08-05 21:04 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-05 21:04 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-05 17:20 . 2014-08-05 17:20	227728	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 17:20 . 2014-08-05 17:20	227728	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-08-04 21:35 . 2014-08-04 21:35	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Sixth
2014-08-04 21:35 . 2014-08-04 21:35	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Snz
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-07 09:47 . 2010-05-07 18:42	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-08-07 09:47 . 2010-05-19 14:48	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-08-03 15:10 . 2010-05-19 14:49	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-08-03 15:09 . 2010-06-03 17:32	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-07-31 17:43 . 2010-05-07 18:41	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-07-08 20:38 . 2012-04-06 10:45	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-08 20:38 . 2011-05-17 15:47	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 19:22 . 2010-06-03 17:32	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-06-19 06:08 . 2014-08-03 15:20	111168	----a-w-	c:\windows\system32\pxcpm5L.dll
2014-06-18 01:51 . 2014-07-09 21:37	646144	----a-w-	c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-09 21:37	509440	----a-w-	c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 21:33	1059840	----a-w-	c:\windows\system32\lsasrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-06-23 18:49	297128	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2012-10-04 13:23	540672	----a-w-	c:\users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2012-10-04 13:23	540672	----a-w-	c:\users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2012-10-04 13:23	540672	----a-w-	c:\users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 13:55	155416	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 13:48	62832	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01	284160	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 13:48	62832	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSync"="c:\users\Thomas\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864]
"SCheck"="c:\users\Thomas\AppData\Roaming\SCheck\SCheck.exe" [2013-12-09 37376]
"Snoozer"="c:\users\Thomas\AppData\Roaming\Snz\Snz.exe" [2014-08-03 1628642]
"Intermediate"="c:\users\Thomas\AppData\Roaming\Intermediate\Intermediate.exe" [2013-12-09 37376]
"Sixth"="c:\users\Thomas\AppData\Roaming\Sixth\Sixth.exe" [2014-08-19 63624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0770Ext.ax"="c:\windows\system32\V0770Ext.ax" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-05 34232]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-04-16 4685824]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-02-19 162856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"V0770Mon.exe"="c:\windows\V0770Mon.exe" [2012-06-01 32884]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2014-05-23 2368728]
"T-Home Dialerschutz-Software"="c:\program files\T-Home\Dialerschutz-Software\Defender.exe" [2010-03-29 1411720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-11-16 268800]
.
c:\users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
cwsm - Verknüpfung.lnk - c:\program files\Klassisches Startmenü\cwsm.exe [2010-2-26 272637]
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-5-12 1085440]
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe Autostart [2012-3-4 262800]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-5-12 1085440]
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2014-1-24 14140416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programme\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-5-12 1085440]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
Spyder3Utility.lnk - c:\program files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2010-5-12 1085440]
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe Autostart [2012-3-4 262800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^cwsm - Verknüpfung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programme\Startup\cwsm - Verknüpfung.lnk
backup=c:\windows\pss\cwsm - Verknüpfung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programme\Startup\Netzmanager.lnk
backup=c:\windows\pss\Netzmanager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programme\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^t@x aktuell.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programme\Startup\t@x aktuell.lnk
backup=c:\windows\pss\t@x aktuell.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Dropbox.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^DSL-Manager.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Netzmanager.lnk
backup=c:\windows\pss\Netzmanager.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48	58656	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2011-08-22 07:48	3346032	----a-w-	c:\program files\Babylon\Babylon-Pro\Babylon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 12:19	2193000	----a-w-	c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostar-PlayerTimer]
2014-01-11 13:01	42496	----a-w-	c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2010-06-07 10:15	618496	----a-w-	c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2012-05-17 09:50	30705792	----a-w-	c:\users\Thomas\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Home Dialerschutz-Software]
2010-03-29 12:00	1411720	----a-w-	c:\program files\T-Home\Dialerschutz-Software\Defender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2010-01-05 12:04	147328	----a-w-	c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-30 16640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-16 29472]
R3 DFSYS;T-Home Dialerschutz Hooking Treiber;c:\program files\T-Home\Dialerschutz-Software\DFSYS.SYS [2009-10-15 14624]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-20 84248]
R3 GSService;GSService;c:\windows\system32\GSService.exe [2011-03-31 745472]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-20 182680]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [2007-11-26 294912]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [2010-09-16 35040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 UDTT2BDA;DTV-DVB USB2 DVB-T receiver;c:\windows\system32\Drivers\UDTT2BDA.sys [2006-02-14 55040]
R3 V0770Vid;Live! Cam Sync HD VF0770 Driver;c:\windows\system32\DRIVERS\V0770Vid.sys [2012-06-01 325376]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1343400]
R3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys [2011-06-08 195712]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\SYMDS.SYS [2011-08-15 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\SYMEFA.SYS [2012-05-22 924320]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [2014-08-18 1138480]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-05-15 265800]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [2012-06-07 132768]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140901.001\IDSvix86.sys [2014-08-23 476888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [2011-11-16 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [2011-11-16 318584]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-05-23 173784]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 27040]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
S2 DFSVC;T-Home Dialerschutz Dienst;c:\program files\T-Home\Dialerschutz-Software\DFInject.exe [2009-10-21 288768]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2013-02-23 545576]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-02-23 389928]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2011-11-23 12800]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-11-04 687400]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\DRIVERS\d553bus.sys [2008-12-19 281216]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\DRIVERS\d553card.sys [2008-12-19 356352]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\d553gps.sys [2009-01-08 77352]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\d553mdfl.sys [2008-12-19 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\DRIVERS\d553mdfl2.sys [2008-12-19 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\d553mdm.sys [2008-12-19 365312]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\DRIVERS\d553mdm2.sys [2008-12-19 409216]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\DRIVERS\d553nd5.sys [2008-12-19 25984]
S3 d553scard;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\d553scard.sys [2009-04-06 49192]
S3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\DRIVERS\d553unic.sys [2008-12-19 375424]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-06-11 109872]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI.sys [2009-10-15 24352]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 37064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-02 18:30	1096520	----a-w-	c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:38]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 18:22]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 18:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://startpage.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{B472B1D3-A3C5-468B-AF3A-10F2AE45B864} - c:\program files\FreshDevices\FreshDownload\fd.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: asamnet.de\webmail
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://native-search.com/search.php?channel=de&q=
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/search
FF - prefs.js: keyword.URL - hxxp://native-search.com/search.php?channel=de&q=
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-02-11 00:08; mail@gutscheinrausch.de; c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\extensions\mail@gutscheinrausch.de
FF - ExtSQL: !HIDDEN! 2013-12-11 11:00; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-fsm - (no file)
HKCU-Run-Seventh - c:\users\Thomas\AppData\Roaming\Seventh\Seventh.exe
c:\users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iSaverCtrl - c:\program files\iSaver\iSaverCtrl.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388) - c:\windows\IsUn0407.exe
AddRemove-{2FAAECD0-1929-11DA-6784-006853A418BE} - c:\program files\Arbeitszeugnis\Uninst_Arbeitszeugnis
AddRemove-PiccShare - c:\users\Thomas\AppData\Local\ext_piccshare_uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3544)
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Software Informer\sbtn.dll
c:\windows\system32\docobj.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
c:\program files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\fxssvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Unlocker\UnlockerAssistant.exe
c:\program files\Software Informer\softinfo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-03  13:43:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-03 11:43
.
Vor Suchlauf: 16 Verzeichnis(se), 60.401.807.360 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 59.544.178.688 Bytes frei
.
- - End Of File - - 67C85C68A47321005C40AEE42FFB757E
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 03.09.2014, 13:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars

(delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post logs in CODE tags

Alt 03.09.2014, 13:57   #13
Thomas08
 

Everything has been carried out. However, a wanted and harmless extension in Firefox was also deleted (Pocket, formerly ReadIt-Later). Can I reinstall it, or better not yet?

AdwareCleaner:

Code:
# AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 14:18:52
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Thomas - T-LAPTOP
# Gestartet von : C:\Users\Thomas\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : hshld
Dienst Gelöscht : HssSrv
[#] Dienst Gelöscht : hsstrayservice
Dienst Gelöscht : hsswd
[#] Dienst Gelöscht : GSService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\hotspot shield
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\VideoConverter
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Free Video Converter
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Program Files\hotspot shield
Ordner Gelöscht : C:\Program Files\Hotspot_Shield
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Program Files\pdfforge
Ordner Gelöscht : C:\Windows\system32\hotspot shield
Ordner Gelöscht : C:\Users\Präsentation\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Präsentation\AppData\LocalLow\Hotspot_Shield
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Video Converter
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\FlagFox
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Hotspot_Shield
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Seventh
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\ConduitEngine
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\adapter@babylontc.com
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\engine@conduit.com
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ocr@babylon.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\isreaditlater@ideashower.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\snt@dotlabs.co.xpi
Datei Gelöscht : C:\Windows\system32\GSService.exe
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\searchplugins\search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader61606_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader61606_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader64308_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader64308_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-vimeo-downloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-vimeo-downloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_karafun_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_karafun_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_karaokemedia_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_karaokemedia_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_video-download-capture_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_video-download-capture_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5351D081-0C9E-47A0-A6A1-4459CA4CDDDB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0BF0666-00B4-4CF4-9A2E-FC16C3B0D404}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\hotspotshield
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Hotspot_Shield
Schlüssel Gelöscht : HKLM\SOFTWARE\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\pdfforge
Schlüssel Gelöscht : HKLM\SOFTWARE\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "29-6-2010");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue Jun 29 2010 09:20:12 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "29-6-2010");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 2);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Mon Jun 28 2010 23:19:32 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Jun 28 2010 23:19:38 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Jun 29 2010 09:20:12 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.LoginCache", 4);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Jun 28 2010 23:19:34 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Jun 28 2010 23:19:33 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jun 29 2010 09:20:11 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1277628476");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Jun 28 2010 23:19:30 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1277628476");
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2269050.UserID", "UN21217432632930033");
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue Jun 29 2010 09:20:13 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Zeile gelöscht : user_pref("CT2431245.CurrentServerDate", "12-5-2010");
Zeile gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 481);
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Wed May 12 2010 22:49:21 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Wed May 12 2010 22:49:20 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Zeile gelöscht : user_pref("CT2431245.FirstServerDate", "12-5-2010");
Zeile gelöscht : user_pref("CT2431245.FirstTime", true);
Zeile gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2431245.Initialize", true);
Zeile gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2431245.InstalledDate", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2431245.IsGrouping", false);
Zeile gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Wed May 12 2010 22:49:24 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2431245.LastLogin_2.5.8.6", "Wed May 12 2010 22:49:18 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2431245.Locale", "de-de");
Zeile gelöscht : user_pref("CT2431245.LoginCache", 4);
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Zeile gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Zeile gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Zeile gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Zeile gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Zeile gelöscht : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2431245&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Wed May 12 2010 22:49:19 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Wed May 12 2010 22:49:16 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1272782607");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Wed May 12 2010 22:49:16 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1272296347");
Zeile gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2431245.UserID", "UN15253765689334621");
Zeile gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2431245.WeatherPollDate", "Wed May 12 2010 22:49:22 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Zeile gelöscht : user_pref("CT2431245.clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2269050,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 08:05:24 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 29 2011 20:54:29 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 29 2011 20:54:21 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "41053da1-f0f9-4ebe-8016-a27ff1c0bafd");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jun 28 2010 23:19:34 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Mar 24 2011 17:12:42 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Mar 27 2011 13:09:59 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "03/24/2011 10");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Thu Mar 24 2011 08:05:40 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 28 2011 22:22:01 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Thu Mar 24 2011 17:12:42 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 29 2011 20:54:22 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 29 2011 20:54:22 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN84437794938446938");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 29 2011 20:54:22 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Mar 29 2011 20:54:22 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://native-search.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babclient");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 21);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "38379aa100000000000000ff6ee11b86");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15282");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "std");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 21);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1011:58:51");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 63054207);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1011:58:51");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://native-search.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizrate\"],[...]
Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

-\\ Google Chrome v37.0.2062.103

[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
Gelöscht [Homepage] : hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
Gelöscht [Extension] : cfdfamfnacokbbbnmpdfmhonipnhmbid
Gelöscht [Extension] : docfnddcclkgokdfpnmngpiliiachclb

*************************

AdwCleaner[R0].txt - [41947 octets] - [03/09/2014 14:15:30]
AdwCleaner[S0].txt - [41114 octets] - [03/09/2014 14:18:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41175 octets] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Thomas on 03.09.2014 at 14:29:29,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Failed to delete: [File] "C:\Users\Thomas\appdata\local\google\chrome\user data\default\ext_piccshare"
Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Thomas\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Program Files\software informer"



~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\sddw8rxv.default\minidumps [463 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2014 at 14:37:46,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Thomas (administrator) on T-LAPTOP on 03-09-2014 14:39:16
Running from C:\Users\Thomas\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\DSL-Manager\DslMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\DSL-Manager\DslMgrSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [DellConnectionManager] => C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1845248 2009-12-22] (Smith Micro Software, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2010-04-16] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2010-10-28] (Nero AG)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM\...\Run: [C:\Windows\system32\V0770Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0770Ext.ax
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368728 2014-05-23] (Microsoft Corp.)
HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [InfoCockpit] => C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-11-16] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-570751628-918466799-1238080868-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup\Spyder3Utility.lnk
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\cwsm - Verknüpfung.lnk
ShortcutTarget: cwsm - Verknüpfung.lnk -> C:\Program Files\Klassisches Startmenü\cwsm.exe ()
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: McsShellOverlayUpload -> {0774B5A9-ADB5-4D3A-915F-72C7EF9CD262} => C:\Windows\system32\DTAG.Mediencenter.ShellExtension.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
GroupPolicyUsers\S-1-5-21-570751628-918466799-1238080868-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADE0ED5839FECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKCU - {330DC6E0-1A5B-4AFE-8E50-297AF70CEC78} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - No Name - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default
FF Homepage: https://startpage.com/do/search
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.1.0 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.1.0 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: telekom.com/PagePlaceStarter -> C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Free Download Manager plugin - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13]
FF Extension: FoxyProxy Standard - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\foxyproxy@eric.h.jung [2014-02-04]
FF Extension: Flagfox - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\info@flagfox.net [2013-05-15]
FF Extension: Gutscheinrausch.de - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\mail@gutscheinrausch.de [2012-02-11]
FF Extension: qtl - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\qtl.co.il@gmail.com [2011-03-19]
FF Extension: Garmin Communicator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-03-02]
FF Extension: Firebug - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-17]
FF Extension: Telekom YouTube Turbo - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\info@maltegoetz.de.xpi [2011-09-08]
FF Extension: Advertising Cookie Opt-out - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\optout@google.com.xpi [2011-05-06]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2011-04-20]
FF Extension: ImTranslator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-08-01]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Download Statusbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-29]
FF Extension: Greasemonkey - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-30]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-09]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2011-03-13]
FF HKLM\...\Firefox\Extensions: [{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-05-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2014-09-03]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-11]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-09]
FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\sddw8rxv.default\extensions\mail@gutscheinrausch.de
FF HKCU\...\Thunderbird\Extensions: [{528bcd12-8e45-4595-96dd-c92c3989c536}] - C:\Program Files\WEB.DE MultiMessenger\ThunderbirdSyncProxy
FF Extension: Adressbuchanbindung*für*WEB.DE*MultiMessenger - C:\Program Files\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2010-05-29]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> fbdownloader search
CHR DefaultSearchURL: Default -> hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (PagePlace Starter plugin) - C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (phonostar Detector) - C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR CustomProfile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-11]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-07-11]
CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-11]
CHR Extension: (RealDownloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-03-23]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-05-23] (Microsoft Corp.)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [386848 2009-12-10] (Dell Inc.)
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) [File not signed]
R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-04] (Nero AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [31920 2012-03-23] ()
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [77312 2009-12-22] (Smith Micro Software, Inc.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4038656 2010-04-16] (Dell Inc.) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [16640 2010-12-30] (Wondershare) [File not signed]
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-04-16] (Broadcom Corporation)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140821.007\BHDrvx86.sys [1138480 2014-08-19] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [265800 2010-05-15] (EldoS Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-31] (Broadcom Corporation)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [281216 2008-12-19] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [356352 2008-12-19] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps.sys [77352 2009-01-08] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [14976 2008-12-19] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [14976 2008-12-19] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [365312 2008-12-19] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [409216 2008-12-19] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [25984 2008-12-19] (MCCI Corporation)
R3 d553scard; C:\Windows\System32\DRIVERS\d553scard.sys [49192 2009-04-06] (Dell)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [375424 2008-12-19] (MCCI Corporation)
R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140901.001\IDSvix86.sys [476888 2014-08-23] (Symantec Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140902.003\NAVENG.SYS [95704 2014-08-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140902.003\NAVEX15.SYS [1636696 2014-08-24] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2013-11-06] (Duplex Secure Ltd.)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [12288 2008-09-08] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-21] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [318584 2011-11-16] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 UDTT2BDA; C:\Windows\System32\Drivers\UDTT2BDA.sys [55040 2006-02-14] (DTV-DVB)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [325376 2012-06-01] (Creative Technology Ltd.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )
S3 APL531; System32\Drivers\ov550i.sys [X]
S3 catchme; \??\C:\Users\Thomas\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 14:39 - 2014-09-03 14:40 - 00042166 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-09-03 14:37 - 2014-09-03 14:37 - 00001127 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-09-03 14:29 - 2014-09-03 14:29 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 14:27 - 2014-09-03 14:27 - 01096704 _____ (Farbar) C:\Users\Thomas\Desktop\FRST.exe
2014-09-03 14:26 - 2014-09-03 14:26 - 01016261 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2014-09-03 14:24 - 2014-09-03 14:24 - 01101648 _____ () C:\Users\Thomas\Desktop\pocket-3.0.5-fx - CHIP-Installer.exe
2014-09-03 14:22 - 2014-09-03 14:22 - 00041256 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-09-03 14:15 - 2014-09-03 14:19 - 00000000 ____D () C:\AdwCleaner
2014-09-03 14:14 - 2014-09-03 14:14 - 01370483 _____ () C:\Users\Thomas\Desktop\adwcleaner_3.309.exe
2014-09-03 13:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-03 13:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-03 13:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-03 13:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-03 13:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-03 13:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-03 13:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-03 13:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-03 13:07 - 2014-09-03 13:43 - 00000000 ____D () C:\Qoobox
2014-09-03 13:06 - 2014-09-03 13:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 10:48 - 2014-09-03 14:15 - 00000000 ____D () C:\Users\Thomas\Desktop\Bereinigung
2014-09-02 12:39 - 2014-09-02 12:40 - 00000020 _____ () C:\Users\Thomas\defogger_reenable
2014-08-30 09:55 - 2014-09-03 00:14 - 00000000 ____D () C:\Users\Thomas\Desktop\Geburtstag Josef
2014-08-30 09:55 - 2014-09-03 00:10 - 00000000 ____D () C:\Users\Thomas\Desktop\KiFePro Kegeln & Badminton
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Oracle
2014-08-28 09:22 - 2014-08-28 09:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-28 09:22 - 2014-08-28 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-28 09:21 - 2014-08-28 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Java
2014-08-27 20:05 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:05 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 20:04 - 2014-08-25 20:04 - 06052529 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-23 14:05 - 2014-08-23 14:05 - 00002007 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2014-08-22 01:46 - 2014-08-22 01:47 - 01020120 _____ () C:\Windows\Minidump\082214-46098-01.dmp
2014-08-21 03:47 - 2014-08-21 03:48 - 00420336 _____ () C:\Windows\Minidump\082114-62650-01.dmp
2014-08-21 01:20 - 2014-08-21 01:21 - 00433320 _____ () C:\Windows\Minidump\082114-59982-01.dmp
2014-08-21 01:19 - 2014-08-22 01:46 - 692794621 _____ () C:\Windows\MEMORY.DMP
2014-08-15 08:03 - 2014-09-03 14:20 - 00015232 _____ () C:\Windows\setupact.log
2014-08-15 08:03 - 2014-08-15 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 08:02 - 2014-09-03 14:20 - 00005836 _____ () C:\Windows\PFRO.log
2014-08-14 13:50 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 13:50 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 13:50 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 13:48 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 13:48 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 13:48 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 13:48 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 13:48 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 13:48 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 13:48 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 13:48 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 13:48 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 13:48 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 13:48 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 13:48 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 13:48 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 13:48 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 13:48 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 13:48 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 13:48 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 13:48 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 13:48 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 13:48 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 13:48 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 13:48 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 13:48 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 13:48 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 13:48 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 13:48 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 13:48 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 13:48 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 13:48 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 13:48 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 12:27 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 12:27 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 12:27 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 12:27 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 12:27 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 12:26 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 12:26 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 12:26 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 12:26 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-14 12:26 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 12:26 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 12:26 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 12:26 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 12:26 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-11 01:41 - 2014-09-01 18:26 - 00000079 _____ () C:\Users\Thomas\Desktop\Testspiel.txt
2014-08-05 23:04 - 2014-08-05 23:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-05 23:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 00:29 - 2014-08-04 00:29 - 06004615 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.2_win32-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 14:40 - 2014-09-03 14:39 - 00042166 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-09-03 14:39 - 2013-11-25 01:42 - 00000000 ____D () C:\FRST
2014-09-03 14:38 - 2012-04-06 12:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-03 14:37 - 2014-09-03 14:37 - 00001127 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-09-03 14:31 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 14:31 - 2009-07-14 06:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 14:29 - 2014-09-03 14:29 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 14:29 - 2009-07-14 06:55 - 01841856 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 14:27 - 2014-09-03 14:27 - 01096704 _____ (Farbar) C:\Users\Thomas\Desktop\FRST.exe
2014-09-03 14:27 - 2010-05-12 20:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 14:26 - 2014-09-03 14:26 - 01016261 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2014-09-03 14:24 - 2014-09-03 14:24 - 01101648 _____ () C:\Users\Thomas\Desktop\pocket-3.0.5-fx - CHIP-Installer.exe
2014-09-03 14:22 - 2014-09-03 14:22 - 00041256 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-09-03 14:21 - 2011-02-13 11:01 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-03 14:21 - 2010-05-12 20:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 14:20 - 2014-08-15 08:03 - 00015232 _____ () C:\Windows\setupact.log
2014-09-03 14:20 - 2014-08-15 08:02 - 00005836 _____ () C:\Windows\PFRO.log
2014-09-03 14:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 14:19 - 2014-09-03 14:15 - 00000000 ____D () C:\AdwCleaner
2014-09-03 14:19 - 2013-07-22 10:31 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Common
2014-09-03 14:18 - 2010-07-08 20:08 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-03 14:15 - 2014-09-03 10:48 - 00000000 ____D () C:\Users\Thomas\Desktop\Bereinigung
2014-09-03 14:14 - 2014-09-03 14:14 - 01370483 _____ () C:\Users\Thomas\Desktop\adwcleaner_3.309.exe
2014-09-03 14:13 - 2011-02-13 21:16 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apps\2.0
2014-09-03 13:43 - 2014-09-03 13:07 - 00000000 ____D () C:\Qoobox
2014-09-03 13:43 - 2013-12-29 12:53 - 00000000 ____D () C:\Users\Administrator
2014-09-03 13:43 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-03 13:43 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-03 13:34 - 2014-09-03 13:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 13:30 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-03 13:27 - 2009-07-14 04:03 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-03 13:27 - 2009-07-14 04:03 - 31981568 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-03 13:27 - 2009-07-14 04:03 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-03 13:27 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-03 13:27 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-03 13:26 - 2010-04-27 20:18 - 00000000 ____D () C:\Users\Thomas
2014-09-03 02:02 - 2014-07-02 17:44 - 00000000 ____D () C:\Users\Thomas\Desktop\z_Schauturnen 2014
2014-09-03 01:52 - 2014-07-18 20:29 - 00000000 ____D () C:\Users\Thomas\Desktop\Sportabzeichen 2014
2014-09-03 01:49 - 2014-07-21 21:07 - 00000000 ____D () C:\Users\Thomas\Desktop\kegeln
2014-09-03 01:13 - 2014-04-19 09:26 - 00000000 ____D () C:\Users\Thomas\Desktop\DAV
2014-09-03 01:04 - 2010-04-28 22:13 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FileZilla
2014-09-03 00:14 - 2014-08-30 09:55 - 00000000 ____D () C:\Users\Thomas\Desktop\Geburtstag Josef
2014-09-03 00:10 - 2014-08-30 09:55 - 00000000 ____D () C:\Users\Thomas\Desktop\KiFePro Kegeln & Badminton
2014-09-02 23:36 - 2010-05-12 20:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\XnView
2014-09-02 13:53 - 2010-05-14 23:52 - 00000000 ____D () C:\Fotos
2014-09-02 12:40 - 2014-09-02 12:39 - 00000020 _____ () C:\Users\Thomas\defogger_reenable
2014-09-02 11:17 - 2010-07-08 20:20 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-09-02 00:07 - 2011-11-02 10:20 - 00000600 _____ () C:\Users\Thomas\AppData\Local\PUTTY.RND
2014-09-01 22:52 - 2010-04-16 15:51 - 00006478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 18:26 - 2014-08-11 01:41 - 00000079 _____ () C:\Users\Thomas\Desktop\Testspiel.txt
2014-08-30 10:30 - 2010-05-12 22:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GSAK
2014-08-30 00:38 - 2010-05-13 21:43 - 00000000 ____D () C:\Privat
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Oracle
2014-08-28 10:35 - 2013-10-18 14:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-28 09:22 - 2014-08-28 09:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-28 09:21 - 2014-08-28 09:22 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 09:21 - 2014-08-28 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-28 09:21 - 2014-08-28 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Java
2014-08-28 09:21 - 2010-06-09 07:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-08-28 09:21 - 2010-04-16 15:43 - 00000000 ____D () C:\Program Files\Java
2014-08-28 08:29 - 2009-07-14 06:33 - 00487672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 20:05 - 2013-08-15 11:24 - 00001731 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-25 20:05 - 2013-05-19 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\FileZilla FTP Client
2014-08-25 20:05 - 2010-04-28 22:13 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-25 20:04 - 2014-08-25 20:04 - 06052529 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-23 14:06 - 2013-03-11 01:39 - 00000000 ____D () C:\Users\Thomas\.gimp-2.8
2014-08-23 14:05 - 2014-08-23 14:05 - 00002007 _____ () C:\Users\Thomas\AppData\Local\recently-used.xbel
2014-08-23 03:46 - 2014-08-27 20:05 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-27 20:05 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 01:47 - 2014-08-22 01:46 - 01020120 _____ () C:\Windows\Minidump\082214-46098-01.dmp
2014-08-22 01:46 - 2014-08-21 01:19 - 692794621 _____ () C:\Windows\MEMORY.DMP
2014-08-22 01:46 - 2010-12-05 22:45 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 22:39 - 2010-06-25 01:56 - 00007652 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2014-08-21 03:48 - 2014-08-21 03:47 - 00420336 _____ () C:\Windows\Minidump\082114-62650-01.dmp
2014-08-21 01:21 - 2014-08-21 01:20 - 00433320 _____ () C:\Windows\Minidump\082114-59982-01.dmp
2014-08-17 22:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 21:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 08:03 - 2014-08-15 08:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 23:50 - 2013-03-03 18:46 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup
2014-08-14 23:50 - 2010-06-10 08:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Startup
2014-08-14 23:50 - 2010-06-09 07:46 - 00000000 ____D () C:\Windows\pss
2014-08-14 23:23 - 2010-04-29 22:13 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CWSM
2014-08-14 21:44 - 2012-10-14 12:55 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox
2014-08-14 19:24 - 2010-06-09 07:38 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 15:49 - 2014-04-30 10:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-14 14:13 - 2013-07-27 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 13:55 - 2010-04-28 21:03 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 18:13 - 2011-01-05 18:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-08-07 03:43 - 2014-08-14 12:27 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-14 12:27 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 23:07 - 2014-08-05 23:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2014-08-05 23:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-05 23:04 - 2013-09-10 13:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-05 23:04 - 2011-10-30 03:42 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Malwarebytes
2014-08-05 23:04 - 2011-10-30 03:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-05 22:50 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-04 00:29 - 2014-08-04 00:29 - 06004615 _____ (Tim Kosse) C:\Users\Thomas\Downloads\FileZilla_3.9.0.2_win32-setup.exe

Files to move or delete:
====================
C:\Users\Thomas\CTX.DAT
C:\Users\Thomas\spielbericht_setup.exe


Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 11:24

==================== End Of Log ============================
         
Edited by Thomas08 (03.09.2014 at 14:08). Reason: name removed

03.09.2014, 13:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
harmless extension deleted in Firefox (Pocket, formerly ReadIt-Later); can I reinstall it, or better not yet?
You have to decide that yourself.
What about FRST?

Edit:

Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.

__________________
Please always post logs in CODE tags

03.09.2014, 13:59   #15
Thomas08
 

Just posted FRST.

New Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014
Ran by Thomas at 2014-09-03 14:40:25
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee 5.0 Standard (HKLM\...\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}) (Version: 5.0.0 - ACD Systems Ltd)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AFPL Ghostscript 7.33 (HKLM\...\AFPL Ghostscript 7.33) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AKVIS Noise Buster (HKLM\...\{C9EC7502-3B5F-4A27-BF88-6002F556CDAF}) (Version: 8.0.2682.7927 - AKVIS)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
AquaSoft "DiaShow 6 für YouTube" (HKLM\...\{7EB405E9-073D-4407-B70A-40F047766C03}_is1) (Version: 6.6.2.31049 - AquaSoft GmbH)
AquaSoft "DiaShow 7 für YouTube" (HKLM\...\{9DFDD0C5-5AC1-484B-ACF8-0F3E1041750B}_is1) (Version: 7.7.11.35343 - AquaSoft GmbH)
AquaSoft DiaShow 6 for YouTube (HKLM\...\AquaSoft DiaShow 6 for YouTube) (Version: 6.6.01 - AquaSoft)
AquaSoft DiaShow 6 for YouTube (Version: 6.6.01 - AquaSoft) Hidden
AquaSoft DiaShow 7 Ultimate (HKLM\...\AquaSoft DiaShow 7 Ultimate) (Version: 7.7.11 - AquaSoft)
AquaSoft DiaShow 7 Ultimate (Version: 7.7.11 - AquaSoft) Hidden
AquaSoft DiaShow 8 Ultimate (HKLM\...\AquaSoft DiaShow 8 Ultimate) (Version: 8.4.03 - AquaSoft)
AquaSoft DiaShow 8 Ultimate (Version: 8.4.03 - AquaSoft) Hidden
AquaSoft DiaShow Deluxe 6 (HKLM\...\AquaSoft DiaShow Deluxe 6) (Version: 6.6.01 - AquaSoft)
AquaSoft DiaShow Deluxe 6 (Version: 6.6.01 - AquaSoft) Hidden
AquaSoft DiaShow XP five (HKLM\...\AquaSoft DiaShow XP five) (Version:  - AquaSoft)
AquaSoft DiaShow XP five (Version: 5.7.03 - AquaSoft) Hidden
AquaSoft Earth Pilot (HKLM\...\AquaSoft Earth Pilot) (Version: 7.2.04 - AquaSoft)
AquaSoft Earth Pilot (Version: 7.2.04 - AquaSoft) Hidden
AquaSoft PhotoFlash 2 (HKLM\...\AquaSoft PhotoFlash 2) (Version:  - AquaSoft)
AquaSoft PhotoFlash 2 (Version: 2.0.08 - AquaSoft) Hidden
AquaSoft ScreenShow 2 (HKLM\...\AquaSoft ScreenShow 2) (Version:  - AquaSoft)
AquaSoft ScreenShow 2 (Version: 2.2.04 - AquaSoft) Hidden
AquaSoft WebShow 3 (HKLM\...\AquaSoft WebShow 3) (Version:  - AquaSoft)
AquaSoft WebShow 3 (Version: 3.2.08 - AquaSoft) Hidden
AquaSoftware Eyedestructor 1.501 (HKLM\...\AquaSoftware Eyedestructor 1.501) (Version: 1.501 - AquaSoftware)
ArcSoft PhotoImpression 6 (HKLM\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.146 - ArcSoft)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
Auerswald COMlist 2.5.2 (HKLM\...\{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}) (Version: 2.5.2 - Auerswald GmbH & Co.KG)
Auerswald COMset 2.7.2 (HKLM\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)
Auerswald COMtools 2.3.2 (HKLM\...\{CEDE5E8A-37C3-40C7-8F9C-7D0E70DA0C9E}) (Version: 2.3.2 - Auerswald GmbH & Co.KG)
Auerswald D-Kanal Dekoder 2.3.1 Beta (HKLM\...\{FD13E4C2-46BF-4A25-AC78-1390EB55F2BB}) (Version: 2.3.1 Beta - Auerswald GmbH & Co.KG)
Auerswald UNI TSP Treiber (HKLM\...\Auerswald UNI TSP Treiber) (Version:  - )
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
bcTester 4.8 (de) (HKLM\...\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}) (Version: 1.0.0 - QS QualitySoft GmbH)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.466.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco Configuration Professional (HKLM\...\{29342492-9F4F-4089-866A-10D801B610FD}) (Version: 1.2 - Cisco Systems)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3 (HKLM\...\Cisco Packet Tracer 5.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Cisco WebEx Meeting Center für Firefox oder Chrome (HKLM\...\{78A04242-B25C-401E-AB57-5F6FCF52A84F}) (Version: 8.29.3207 - Cisco WebEx LLC)
Cisco WebEx Meeting Center für Internet Explorer (HKLM\...\{2E29B1BA-5CBB-4863-8291-C6B31AFAEBDC}) (Version: 8.29.3207 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
CrystalDiskInfo 5.6.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Data Sync (HKLM\...\{A4DCAA77-151D-4CE9-8D79-E4ADB48031A2}) (Version: 6.74.14.01 - T-Mobile)
DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{4983285C-1314-4BC1-9413-E7BA60E34120}) (Version: 0.9.6.0 - Google Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dell 5530 Wireless Broadband Package (HKLM\...\{2DCEFEFF-7831-4D79-BC28-11D1B8D7E076}) (Version: 1.0.11.13 - Dell)
Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell ControlPoint Connection Manager (HKLM\...\{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}) (Version: 1.4.0 - Ihr Firmenname)
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{057159C5-3B94-4E36-9271-11615618CACE}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.230 - ALPS ELECTRIC CO., LTD.)
Designer 2.0 (HKLM\...\Designer 2.0_is1) (Version: 7.8.2 - Fomanu AG)
DHL Versandhelfer (HKLM\...\{93B104F0-1AFA-4BBD-B95E-9EA4F9F5AD41}) (Version:  - )
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Document Manager Lite (Version: 06.09.00.147 - Ihr Firmenname) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.44 - Dell Inc.)
Elements 10 Organizer (Version: 10.0 - Ihr Firmenname) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.3.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007 - 2008 NE (HKLM\...\ElsterFormular 2007 - 2008 NE 2007-2008) (Version: 2007-2008 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008 - 2009 (HKLM\...\ElsterFormular 2008 - 2009 2008-2009) (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
EMBASSY Security Center (Version: 04.00.00.071 - Ihr Firmenname) Hidden
EMBASSY Security Setup (Version: 04.00.00.058 - Ihr Firmenname) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Ihr Firmenname) Hidden
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
Eumex RNDIS Driver V1.00 (HKLM\...\{343D7D01-B6D6-4591-B91D-8C887B9FC112}) (Version: 1.00.0000 - Ihr Firmenname)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FileZilla Client 3.9.0.3 (HKLM\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
FixFoto 3.02 (HKLM\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
FotoMorph version 13.2.5 (HKLM\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.2.5 - Digital Photo Software)
Free Download Manager 3.0 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free DVD Video Burner version 3.2.7.1219 (HKLM\...\Free DVD Video Burner_is1) (Version: 3.2.7.1219 - DVDVideoSoft Ltd.)
Free PDF Converter (HKLM\...\Free PDF Converter_is1) (Version:  - Baltsoft)
Free Video to MP3 Converter version 5.0.30.1029 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.8.717 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.8.717 - DVDVideoSoft Ltd.)
Freemake Music Box (HKLM\...\Freemake Music Box_is1) (Version: 1.0.0 - Ellora Assets Corporation)
FRITZ!Box (HKLM\...\AVMFBox) (Version:  - )
Garmin POI Loader (HKLM\...\{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}) (Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GNS3 0.7.4 (HKLM\...\GNS3) (Version: 0.7.4 - )
GNS3 VirtualBox Edition (HKLM\...\GNS3 VirtualBox Edition_is1) (Version:  - )
Google Advertising Cookie Opt-out (HKLM\...\{291820D0-A626-40F9-BDFF-8D5CEAB04243}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Chrome Frame (HKLM\...\{CD4ABC29-0547-388C-B8BC-EF88333E5C2E}) (Version: 65.119.72 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
GSAK 8.4.0.0 (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
GutscheinRausch.de - AddOn für Firefox (HKLM\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Inkscape 0.48.0 (HKLM\...\Inkscape) (Version: 0.48.0 - )
Inpaint 5.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
inSSIDer (HKLM\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
inSSIDer (HKLM\...\{C7DEE429-4C9B-4126-894F-50B4F54FF196}) (Version: 1.2.8 - MetaGeek, LLC)
inSSIDer 3 (HKLM\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Network Connections 14.6.9.0 (HKLM\...\PROSetDX) (Version: 14.6.9.0 - Dell)
Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0 - Dell) Hidden
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JLC's Internet TV (HKLM\...\JLC's Internet TV) (Version:  - )
JRE 1.6.1 (HKLM\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
KaraokeMedia Home PC (Version: 1.0.0 - ECLIPSE PRODUCCIONES S.L) Hidden
Kastor Free Vimeo Downloader V 2.0 (HKLM\...\Kastor Free Vimeo Downloader_is1) (Version: 2.0.0.0 - KastorSoft)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG NAS Installation Wizard (HKLM\...\{8F1D1ADF-E009-4654-AD7A-C82D3D4606B3}) (Version: 1.0.1111.0401 - LG Electronics Inc.)
LG NASMonitor (HKLM\...\{ED1A63BB-5646-4BF9-BD2F-7CDDFE24FE78}) (Version: 1.00.0000 - LG Electronics Inc.)
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
LogMeTT 2.9.9 (HKLM\...\{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1) (Version:  - LogMeTT.com)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Buddy 1.7.1 (HKLM\...\{AD98E3F2-3AC5-47f1-8DD3-473BF3AF3D3E}_is1) (Version:  - Ramka Ltd.)
Mediencenter 3.2.0.1004 (HKCU\...\Mediencenter) (Version: 3.2.0.1004 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.6.0.1277 - Telekom)
Medienkatalog Landesmediendienste Bayern (HKLM\...\{96E9847F-EE8A-4C31-9094-0688E1A339BE}) (Version: 1.00.0000 - Landesmediendienste Bayern)
Meine CEWE FOTOWELT (HKLM\...\Meine CEWE FOTOWELT) (Version:  - )
Meine Dienste Software (HKLM\...\Meine Dienste Software) (Version: 1.0.2.3 - Telekom)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft FrontPage 2000 (HKLM\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! 2000 (HKLM\...\{E78FC917-C21B-11D2-99FE-00105A98B681}) (Version: 4.0.0.0 - Microsoft)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft Works 2000 (HKLM\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft Works 2000-Setup-Start (HKLM\...\Works2kSetup) (Version:  - )
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
MovieSaver*3.0 (HKLM\...\{F30787F6-EA4F-4BC8-0001-398BDCC33E1E}) (Version: 3.0.11.1100 - Engelmann Media GmbH)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11300.14.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero BackItUp and Burn Essentials (HKLM\...\{C6A5D6E2-19B4-4005-9670-C4D36C3AD55A}) (Version: 10.5.10200 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.17800.8.5 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11500.17.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 10.5.10200 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Update (Version: 11.0.11400.27.0 - Nero AG) Hidden
Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version:  - Nicolas Kruse)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nmap 5.51 (HKLM\...\Nmap) (Version:  - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Nokia Connectivity Cable Driver (HKLM\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia)
Nokia Music Player (HKLM\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}) (Version: 02.05.001.42279 - Nokia Corporation)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
Norton 360 (HKLM\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
ODBC (HKLM\...\ODBC) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PagePlace (HKLM\...\PagePlace) (Version:  - )
Pass4sure Questions and Answers for Cisco 640-802 (HKLM\...\{6B1735C1-0B7E-45D7-B5C3-A5B853734A95}) (Version: 9.4.13241 - Pass4sure)
PC Connectivity Solution (HKLM\...\{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}) (Version: 11.4.15.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
pdfforge Images2PDF 0.9.2.546 (HKLM\...\{00120495-F25C-4F44-9DC7-2D812D025DBA}) (Version: 0.9.2.546 - pdfforge GbR)
pdfforge Toolbar v4.6 (HKLM\...\{E6098043-1183-4580-89EF-423CBF807188}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
PDF-XChange Editor (HKLM\...\{87738bc6-bdf0-4e55-86b5-32ddece8f51d}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.5.308.2 - Tracker Software Products Ltd)
phonostar-Player Version 3.03.2 (HKLM\...\phonostar3RadioPlayer_is1) (Version:  - )
Photomatix Pro version 3.2.5 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.5 - HDRsoft Sarl)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Ihr Firmenname) Hidden
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Python 2.6.6 (HKLM\...\{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}) (Version: 2.6.6150 - Python Software Foundation)
QIP 2010 3.1.5890 (HKCU\...\QIP 2010) (Version: 3.1.5890 - )
RealDownloader (HKLM\...\{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}) (Version: 1.1.0 - RealNetworks, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.41 - Piriform)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scribus 1.3.8 (HKLM\...\Scribus 1.3.8) (Version: 1.3.8 - The Scribus Team)
Security Wizards (Version: 01.07.00.023 - Ihr Firmenname) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008) (HKLM\...\sm-un1.u32) (Version:  - SoftMaker Software GmbH)
Software Informer 1.0 BETA (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Sony Ericsson MD400 Wireless Modem (HKLM\...\{EC2CE4B8-AA11-4A11-B494-FCF248A24BDC}) (Version: 4.50.0.0 - Sony Ericsson)
Sony Ericsson Wireless Manager 5 (HKLM\...\{D2C6DAC2-6AB2-4749-8AAF-538AFF5A981A}) (Version: 5.3.2076.12 - Sony Ericsson)
Sportwinner! Kegeln Spielbericht (HKLM\...\{E39396F6-CA9D-40B8-972B-527879548A9E}_is1) (Version: 5.0.574 - Sportwinner Software)
Sportwinner! Spielbericht Classic 2.2 (HKLM\...\{E47B3433-C366-40C1-B8BE-1F7894C4A2BC}_is1) (Version: 2.2.8.007 - Sportwinner Software)
Spyder3Express (HKLM\...\Spyder3Express) (Version:  - )
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version:  - )
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
t@x 2011 (HKLM\...\{B0414A3B-3AE3-47B8-8FC0-2129781FF425}) (Version: 18.00.6928 - Buhl Data Service GmbH)
t@x 2012 (HKLM\...\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}) (Version: 19.00.7303 - Buhl Data Service GmbH)
t@x 2014 (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Telekom Fotoservice (HKLM\...\Telekom Fotoservice) (Version:  - )
Tera Term 4.71 (HKLM\...\Tera Term_is1) (Version:  - )
T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version:  - )
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Total Network Monitor 1.1.3 (build 1550) (HKLM\...\Total Network Monitor_is1) (Version: 1.1.3.1550 - Softinventive Lab Inc.)
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
TTLEditor 1.2.1 (HKLM\...\{A1BFEB7F-3126-4F60-9CFD-8D4FC1B87BEB}_is1) (Version:  - LogMeTT.com)
UFRaw 0.17 (HKLM\...\UFRaw_is1) (Version:  - Udi Fuchs)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Urwigo (HKCU\...\d3b4051a8f45e697) (Version: 1.20.0.141 - Urwigo)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wartung Samsung CLP-320 Series (HKLM\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Ihr Firmenname) Hidden
WEB.DE MultiMessenger (HKLM\...\WEB.DE MultiMessenger) (Version: 3.70.2816 - WEB.DE GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.6.3 (HKLM\...\Wireshark) (Version: 1.6.3 - The Wireshark developer community, hxxp://www.wireshark.org)
WordToPDF 2.9 (HKLM\...\WordToPDF_is1) (Version: 2.9 - Mario Noack)
XAMPP (HKLM\...\xampp) (Version: 1.8.3-4 - Bitnami)
XMind 2012 (v3.3.1) (HKLM\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
XnView 2.04 (HKLM\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0AF398C8-E8E1-3f76-048e-f571fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0CD1A340-7FAB-e957-ec61-dfe7fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{0E7589F8-3F4A-96f7-9eb0-536cfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{109D12C4-4EB6-3087-a122-088bfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{14F94215-CA07-4CA0-B451-E5D78B68CC58}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelper.dll (Protect Disc GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{17A833B2-F647-bf85-4b5a-5359fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{2EE319C4-8593-7585-c5c3-e6fcfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{3801CA43-C9A5-70d8-4de3-8ca8fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{3A952499-3A8C-e7a4-3247-bb3bfdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4735E322-568B-bede-1b74-b74ffdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4C735EC7-E94E-f34a-1161-113efdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4C756328-2F47-451b-c7f6-4cd5fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{4CC24160-A50F-bfce-e8eb-7759fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{55cbb4a1-515f-5947-9e5e-931ec3e954ea}\InprocServer32 -> C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{65027E39-AEAF-7f8d-f1d6-97e6fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{6E38DC65-4180-bb0c-3eaf-33b6fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{71B4EE53-E932-1aed-6231-e750fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1216\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{8A291A46-46B3-61fd-1f38-3563fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{8E932745-E80C-700c-fa66-132afdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{9dc26434-2a46-4bbe-9056-064b0332e30d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{AACA9EA2-6F92-00a8-6d06-8ad4fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office 2008\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{F6D87F96-D010-e9a4-905c-c7fffdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{F78FB21B-A447-4d72-4938-bec9fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FDECAF97-6F7B-1cb5-a796-c627fdeebc1f}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-570751628-918466799-1238080868-1001_Classes\CLSID\{FF9D234C-A355-434E-893A-CCA6F40EC29D}\localserver32 -> C:\Users\Thomas\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe (Protect GmbH)

==================== Restore Points  =========================

27-08-2014 18:05:56 Windows Update
28-08-2014 07:18:56 Installed Java 7 Update 67
03-09-2014 11:10:24 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-03 13:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {031657FD-5920-438F-952E-1197BBDDB8AF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {0B159FC6-E73B-4F24-BD5B-A0F869DDC820} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23] (RealNetworks, Inc.)
Task: {11E1F26A-7526-4A67-9EF2-C94917408416} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {21861499-90D6-4945-B795-3996158B8100} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-03-23] (RealNetworks, Inc.)
Task: {2688E3A7-7B43-4D86-A793-1B173D1C3BAA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {391C1F85-B0F9-4E65-909A-934330812CB1} - System32\Tasks\Launch 16887 => C:\Program Files\T-Mobile\Data Sync\Voxsync.exe [2011-11-18] ()
Task: {465B2053-680B-477D-B7BC-26CB81C0AE78} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {821435E9-4802-472A-9294-1104D148EA33} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8D9FD695-79A7-4107-B5A3-687827DC044F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-570751628-918466799-1238080868-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23] (RealNetworks, Inc.)
Task: {8FD3795C-95E0-4A8C-B3F7-94AA8DD62BED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-12] (Google Inc.)
Task: {A15B6DF8-8CBE-4B3A-B639-7A649303BA0B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BA11644D-D0A6-423B-82B0-E120352B4237} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {C08B4FC5-D181-4E04-8225-3F9C97729248} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {C22AE53B-6B85-4111-966D-F2D9F46090F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-12] (Google Inc.)
Task: {CC2259B4-C9F0-41C0-A29D-2D276794E4D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {D77F7426-113C-4629-B4BA-0505EE95F6BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D83058F4-D882-413B-856F-B4521204102F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E012B980-D2C5-4973-9F01-F0042663B099} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

1997-03-04 00:00 - 1997-03-04 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2008-10-14 16:47 - 2008-10-14 16:47 - 00106496 ____R () C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
2010-04-16 15:50 - 2010-04-16 15:50 - 00026112 _____ () C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
2010-04-28 21:41 - 2010-04-28 21:41 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2011-06-21 08:42 - 2011-06-21 08:42 - 00024064 _____ () C:\Windows\System32\sst3cl3.dll
2014-01-23 02:42 - 2013-10-17 17:32 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2009-12-22 11:21 - 2009-12-22 11:21 - 00128512 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMBIOSController.dll
2009-12-22 11:16 - 2009-12-22 11:16 - 00356352 ____R () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\wmcoreapi-c.dll
2009-12-22 11:23 - 2009-12-22 11:23 - 01211904 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMILANDW.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2014-08-13 16:09 - 2014-08-13 16:09 - 00035328 _____ () C:\Programme\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Programme\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Programme\FileZilla FTP Client\libstdc++-6.dll
2012-03-23 12:31 - 2012-03-23 12:31 - 00031920 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-11-13 08:17 - 2009-11-13 08:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:29 - 2008-11-12 13:29 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll
2009-12-22 11:19 - 2009-12-22 11:19 - 00573440 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 06798714 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility.exe
2009-08-11 10:19 - 2009-08-11 10:19 - 00135168 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00147456 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00897024 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00098304 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00762368 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00335872 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00131072 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00028672 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00025600 _____ () C:\Program Files\Datacolor2\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2010-10-19 09:31 - 2010-10-19 09:31 - 00159744 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver\SoftplugLib.DLL
2010-07-04 21:51 - 2010-07-04 21:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:04853F41
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^cwsm - Verknüpfung.lnk => C:\Windows\pss\cwsm - Verknüpfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programme^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^DSL-Manager.lnk => C:\Windows\pss\DSL-Manager.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programme^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
MSCONFIG\startupreg: phonostar-PlayerTimer => "C:\Program Files\phonostar-Player\phonostarTimer.exe"
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Thomas\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: T-Home Dialerschutz-Software => "C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe"
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-03 13:23:16.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 11:20:22.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 10:47:14.282
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 10:21:13.548
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 02:08:37.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-03 02:03:17.804
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 23:37:07.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 23:09:19.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 22:53:14.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-02 21:42:50.906
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 38%
Total physical RAM: 3535.9 MB
Available physical RAM: 2190.66 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5403.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.86 GB) (Free:55.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
