Rapunzel | 06.06.2014 07:10 | I would have written more yesterday, but those few lines took half an hour.
So, Avast found something right away on 1.6. and 2.6., but I can't manage to copy the detections here. Is there a trick for that in Avast? It flagged Silverlight.exe as threat: WIN32:Adware-BQN [Trj]
On 2.6. I then ran a boot-time scan, and it found:
C:\Users\Porstendörfer\Desktop\Sicherheit\Silverlight.exe Threat: WIN32:Adware-BQN [Trj]
C:\Users\Porstendörfer\AppData\Local...\iminent4ie.exe PUP: Win32:Pup.gen [PUP]
C:\Program Files (x86)\Canon\IJPLM\setup.exe Threat: Win32:Malware-gen
If you tell me how to find and copy the log file, I'll gladly post that as well.
Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.06.2014
Suchlauf-Zeit: 10:43:58
Logdatei:
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.04.04
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Porstendörfer
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 324796
Verstrichene Zeit: 15 Min, 18 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 23
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [7cf8215383f8e94d25c85b12cb370af6],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [7cf8215383f8e94d25c85b12cb370af6],
PUP.Optional.Iminent.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [a9cb5024e299bc7a18428edf7b8710f0],
PUP.Optional.Iminent.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [a9cb5024e299bc7a18428edf7b8710f0],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [cba9f1836b1064d252e108660ff325db],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [ec88f084f883f3431e16f47ab0521ce4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [92e2571d403b0d290dbb1d50659db848],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [cca887edf883e84eb600c2f3c042f50b],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, In Quarantäne, [6e0603712655fd396b18604613ef11ef],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [1064096b0f6c112561964f90e51e23dd],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [3440066e651691a535686a2cd42e7888],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [fd778fe51b601d1946707f366a987789],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [a9cbef85e596a690df18d70837cc9b65],
PUP.Optional.HQVideoPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-1.9, In Quarantäne, [a6cec3b1c1ba4de9283bf0bcdc26619f],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [9ed6f282a6d5ec4ad64d28a4b251ed13],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [92e26d07ccafeb4bc1e5854523e038c8],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [8ee6f2821c5f072f3a6b735732d159a7],
PUP.Optional.Delta.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, In Quarantäne, [83f1abc92754b185c599f6d615eef20e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ec88d1a37605989e192bb42b8a792cd4],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, In Quarantäne, [8ee61c58413a1a1cb6cf5551f30fa35d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [a4d0b2c2413a1e188e3cae1c2cd7f30d],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [591b571d6d0ea096cd90485b4ab8a55b],
PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
Registrierungswerte: 4
PUP.Optional.Iminent.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [92e2571d403b0d290dbb1d50659db848],
PUP.Optional.Iminent.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [cca8f48065161d198e3a313c7c8658a8],
PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www1.delta-search.com/?affID=119779&tt=gc_&babsrc=NT_ss&mntrId=988E18F46A0C1408, In Quarantäne, [40344a2abfbc67cfb46a19b52ed515eb]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1923626264-2341716953-3562644547-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, tCyC1K1M0V, In Quarantäne, [a4d0b2c2413a1e188e3cae1c2cd7f30d]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 13
PUP.Optional.HDVidCodec.A, C:\Users\Porstendörfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com, In Quarantäne, [81f3fc78cbb02115634ed4f7f70ceb15],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, In Quarantäne, [13619bd93b4026105e26ebe4de252cd4],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl, In Quarantäne, [abc9b4c03e3dea4ce6e3c5bba95922de],
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [7bf9a3d14635b97da5419ae68f736997],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Local\temp\Iminent, In Quarantäne, [da9a3c380a715bdb59af68197f83b14f],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Roaming\IminentToolbar, In Quarantäne, [5f15e68e06754ee8f6c1d4ae07fb8779],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.SimilarSites.A, C:\Users\Porstendörfer\AppData\Roaming\SimilarSites, In Quarantäne, [0c68fc78146765d186657810bc4647b9],
Dateien: 32
PUP.Optional.GenericExt.A, C:\Users\Porstendörfer\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe, In Quarantäne, [e98bb6be631839fd58df4df03ac610f0],
PUP.Optional.SimilarSites.A, C:\Users\Porstendörfer\AppData\Local\temp\SimilarBundleGenericDl.exe, In Quarantäne, [d69e165edf9c80b61d291e1f4db33fc1],
PUP.Optional.ToolBarInstaller.A, C:\Users\Porstendörfer\AppData\Local\temp\BuenoSearchTB.exe, In Quarantäne, [4f25f57f3f3cdb5bd58d2316b74d02fe],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\temp\n1089\hqvideo_2305_DE-ae66e49a.exe, In Quarantäne, [6c08a9cba7d4e74fcf42e561fa0645bb],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Local\temp\n1089\Iminent_1712-b2fcad5e.exe, In Quarantäne, [6014b6be3a4170c6348568dd1fe2eb15],
PUP.Optional.BundleInstaller.A, C:\Users\Porstendörfer\AppData\Local\temp\n1089\s1089.exe, In Quarantäne, [5f153a3a39424ee81456c97df60a768a],
PUP.Optional.SupraSavings.A, C:\Users\Porstendörfer\AppData\Local\temp\n1089\suprasavings_2703-e3e04064.exe, In Quarantäne, [da9adb9981fa44f2e791a787bc46768a],
PUP.Optional.Softonic.A, C:\Users\Porstendörfer\Downloads\SoftonicDownloader_fuer_tomtom-home.exe, In Quarantäne, [13615f151e5df640f1d3b46d639ee818],
PUP.Optional.Vid, C:\Users\Porstendörfer\Downloads\iLividSetup-r394-n-bf.exe, In Quarantäne, [e094f084bbc0a690045b7c8e4cb511ef],
PUP.Optional.RegCleanerPro, C:\Users\Porstendörfer\Downloads\rcpsetup_matomy_my77231.exe, In Quarantäne, [7bf9e193ccaf85b1dbc4040848b94cb4],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [353f462ea1dad85e901fa5f8a26052ae],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [ea8a52220a7136009119199526dcc937],
PUP.Optional.HDVidCodec.A, C:\Users\Porstendörfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk, In Quarantäne, [81f3fc78cbb02115634ed4f7f70ceb15],
PUP.Optional.HDVidCodec.A, C:\Users\Porstendörfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, In Quarantäne, [81f3fc78cbb02115634ed4f7f70ceb15],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\gophotoit14.crx, In Quarantäne, [13619bd93b4026105e26ebe4de252cd4],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\empty.localstorage, In Quarantäne, [abc9b4c03e3dea4ce6e3c5bba95922de],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\b.bmp, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\finish.bmp, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\HDvidCodec10.crx, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\uninst.exe, In Quarantäne, [4f2594e0eb901323322d5230768c7888],
PUP.Optional.Iminent.A, C:\Users\Porstendörfer\AppData\Roaming\IminentToolbar\sqlite3.dll, In Quarantäne, [5f15e68e06754ee8f6c1d4ae07fb8779],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\manifest.json, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html\background.html, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.128.png, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.16.png, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.48.png, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\background.js, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\ex.js, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
PUP.Optional.CrossRider.A, C:\Users\Porstendörfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\jquery.js, In Quarantäne, [4d27d89c3d3e96a03694622336cc768a],
Physische Sektoren: 0
(No malicious items detected)
(end)
And this is the latest protection log from Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 06.06.2014 07:17:48, SYSTEM, ANDREAS, Protection, Malware Protection, Starting,
Protection, 06.06.2014 07:17:48, SYSTEM, ANDREAS, Protection, Malware Protection, Started,
Protection, 06.06.2014 07:17:49, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Starting,
Update, 06.06.2014 07:17:56, SYSTEM, ANDREAS, Scheduler, Malware Database, 2014.6.5.12, 2014.6.6.3,
Protection, 06.06.2014 07:18:01, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Started,
Protection, 06.06.2014 07:18:09, SYSTEM, ANDREAS, Protection, Refresh, Starting,
Protection, 06.06.2014 07:18:09, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Stopping,
Protection, 06.06.2014 07:18:09, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Stopped,
Protection, 06.06.2014 07:18:19, SYSTEM, ANDREAS, Protection, Refresh, Success,
Protection, 06.06.2014 07:18:19, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Starting,
Protection, 06.06.2014 07:18:20, SYSTEM, ANDREAS, Protection, Malicious Website Protection, Started,
(end)
Then we also have ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40827b6ac8dffd42a5134a1665ecef3f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-27 11:54:01
# local_time=2012-04-28 01:54:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777214 0 3 107580 107580 0 0
# compatibility_mode=5893 16776574 100 94 26138993 87196255 0 0
# compatibility_mode=8192 67108863 100 0 437 437 0 0
# scanned=216446
# found=0
# cleaned=0
# scan_time=4604
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40827b6ac8dffd42a5134a1665ecef3f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-28 12:21:55
# local_time=2012-04-28 02:21:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 16777214 0 3 113631 113631 0 0
# compatibility_mode=5893 16776574 100 94 26145044 87202306 0 0
# compatibility_mode=8192 67108863 100 0 6488 6488 0 0
# scanned=535
# found=0
# cleaned=0
# scan_time=79
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40827b6ac8dffd42a5134a1665ecef3f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-26 09:54:52
# local_time=2012-09-26 11:54:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 100 94 39221922 100279184 0 0
# compatibility_mode=8192 67108863 100 0 13083366 13083366 0 0
# scanned=103131
# found=1
# cleaned=0
# scan_time=4126
C:\Users\Porstendörfer\AppData\Local\temp\SetupDataMngr_Searchqu.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40827b6ac8dffd42a5134a1665ecef3f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-26 04:12:00
# local_time=2012-09-26 06:12:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 100 94 39248508 100305770 0 0
# compatibility_mode=8192 67108863 100 0 13109952 13109952 0 0
# scanned=22
# found=0
# cleaned=0
# scan_time=11
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=40827b6ac8dffd42a5134a1665ecef3f
# engine=18558
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 04:06:15
# local_time=2014-06-05 06:06:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=782 16777213 100 97 288550 166361665 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 92513763 153571025 0 0
# scanned=221874
# found=7
# cleaned=5
# scan_time=31412
sh=3972109B1974BEA7EAA2CFCAF92269548E9C2E72 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43WFD7JQ\monetizationLoader[1].js"
sh=710CDC0F01EB25B609E4355FAB810E25344CA26C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE9X83S7\monetizationLoader[1].js"
sh=9B65A06B630598916A1574E7A16201AAF04B430D ft=1 fh=afff72e543a80d66 vn="Win32/InstallCore.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe"
sh=52F11DD8D8841DC6518E0509E7993B99F9BCA9C6 ft=1 fh=af07e7ddbff033f0 vn="a variant of Win32/InstallCore.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe"
sh=710CDC0F01EB25B609E4355FAB810E25344CA26C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Porstendörfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3213CFO\monetizationLoader[1].js"
sh=3972109B1974BEA7EAA2CFCAF92269548E9C2E72 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43WFD7JQ\monetizationLoader[1].js"
sh=710CDC0F01EB25B609E4355FAB810E25344CA26C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE9X83S7\monetizationLoader[1].js"
I'll run Farbar's in a moment and post it then. Thanks in advance!
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Porstendörfer (administrator) on ANDREAS on 06-06-2014 08:04:18
Running from C:\Users\Porstendörfer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Windows\PLFSetI.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\NielsenOnline64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-09-25] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-03] (CANON INC.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-27] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688 2014-04-07] (The Nielsen Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1923626264-2341716953-3562644547-1004\...\Run: [Facebook Update] => C:\Users\Porstendörfer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-04] (Facebook Inc.)
HKU\S-1-5-21-1923626264-2341716953-3562644547-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Porstendörfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Porstendörfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stillness Buddy.lnk
ShortcutTarget: Stillness Buddy.lnk -> C:\Stillness Buddy\Start Stillness Buddy.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?&fr=hp-avast&type={partner_id}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635z&r=27360211b816l0413z135i6741u202
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635z&r=27360211b816l0413z135i6741u202
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=988E18F46A0C1408&affID=128492&tsp=5201
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKCU - {5CFA3734-F2DB-4ECC-B719-1D6C7236F087} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE417DE417
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Porstendörfer\AppData\Roaming\Mozilla\Firefox\Profiles\g7glcx6n.default-1401870923548
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Porstendörfer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Porstendörfer\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\Porstendörfer\AppData\Roaming\Mozilla\Firefox\Profiles\g7glcx6n.default-1401870923548\Extensions\toolbar@gmx.net.xpi [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-01]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi [2014-06-06]
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-19] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2854952 2014-04-07] (The Nielsen Company)
S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [26664 2014-04-07] (The Nielsen Company)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S2 secdrv; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-06 08:04 - 2014-06-06 08:04 - 00019859 ____C () C:\Users\Porstendörfer\Desktop\FRST.txt
2014-06-06 08:02 - 2014-06-06 08:02 - 02068992 ____C (Farbar) C:\Users\Porstendörfer\Desktop\FRST64.exe
2014-06-05 19:55 - 2014-06-06 07:12 - 00000168 ____C () C:\Windows\setupact.log
2014-06-05 19:55 - 2014-06-05 19:55 - 00000584 ____C () C:\Windows\PFRO.log
2014-06-05 19:55 - 2014-06-05 19:55 - 00000000 ____C () C:\Windows\setuperr.log
2014-06-05 08:33 - 2014-06-05 08:33 - 00002788 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-05 08:33 - 2014-06-05 08:33 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 08:33 - 2014-06-05 08:33 - 00000000 ___DC () C:\Program Files\CCleaner
2014-06-05 08:31 - 2014-06-05 08:31 - 04748896 ____C (Piriform Ltd) C:\Users\Porstendörfer\Downloads\ccsetup414.exe
2014-06-05 08:01 - 2014-06-05 08:01 - 00003234 ____C () C:\Windows\System32\Tasks\{FB578874-50DC-4D74-8026-52C72111DE3F}
2014-06-04 10:43 - 2014-06-06 07:18 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 10:43 - 2014-06-04 10:43 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 10:43 - 2014-06-04 10:43 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 10:43 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 10:43 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 10:40 - 2014-06-04 10:41 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Porstendörfer\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 15:05 - 2014-05-26 15:05 - 00003052 ____C () C:\Windows\System32\Tasks\{650E0D19-B655-434A-A101-8D313D41F4FF}
2014-05-26 15:01 - 2014-05-26 15:01 - 00003052 ____C () C:\Windows\System32\Tasks\{F2766D69-96EB-4A68-93C0-47F4BABA3421}
2014-05-26 15:00 - 2014-05-26 15:00 - 00003052 ____C () C:\Windows\System32\Tasks\{22095F36-CBF9-4B5E-83B1-4229C8025218}
2014-05-26 11:56 - 2014-06-02 20:21 - 00000000 ___DC () C:\Program Files (x86)\globalUpdate
2014-05-26 11:56 - 2014-05-26 11:56 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Local\globalUpdate
2014-05-26 11:55 - 2014-05-26 11:55 - 00000000 ___DC () C:\Program Files\003
2014-05-24 15:46 - 2014-05-24 15:46 - 00003040 ____C () C:\Windows\System32\Tasks\{3EF8A789-04EE-42B1-860F-FB41AB790A16}
2014-05-24 15:45 - 2014-05-24 15:45 - 00003040 ____C () C:\Windows\System32\Tasks\{3A3207F0-C070-43C4-A3F7-AEAF82B4956E}
2014-05-20 12:26 - 2014-05-20 12:26 - 00000000 ___DC () C:\Users\Porstendörfer\Desktop\cars2
2014-05-14 20:14 - 2014-05-14 21:18 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Roaming\Spuk im Wirtshaus
2014-05-14 20:12 - 2009-09-04 17:44 - 00517960 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-05-14 20:12 - 2009-09-04 17:44 - 00515416 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-05-14 20:12 - 2009-09-04 17:44 - 00238936 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-05-14 20:12 - 2009-09-04 17:44 - 00176968 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-05-14 20:12 - 2009-09-04 17:44 - 00073544 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-05-14 20:12 - 2009-09-04 17:44 - 00069464 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 05554512 ____C (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 05501792 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 02582888 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 02475352 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 01974616 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 01892184 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 00523088 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 00453456 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 00285024 ____C (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-05-14 20:12 - 2009-09-04 17:29 - 00235344 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00521560 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00517448 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00235352 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00174936 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00024920 ____C (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-05-14 20:12 - 2009-03-16 14:18 - 00022360 ____C (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 05425496 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 04178264 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 02430312 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 01846632 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 00520544 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-05-14 20:12 - 2009-03-09 15:27 - 00453456 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00518480 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00514384 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00235856 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00175440 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00074576 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00070992 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00025936 ____C (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-05-14 20:12 - 2008-10-27 10:04 - 00023376 ____C (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 05631312 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 04379984 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 02605920 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 02036576 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 00519000 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-14 20:12 - 2008-10-15 06:22 - 00452440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-05-14 20:12 - 2008-07-31 10:41 - 00238088 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-05-14 20:12 - 2008-07-31 10:41 - 00177672 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-05-14 20:12 - 2008-07-31 10:41 - 00072200 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-05-14 20:12 - 2008-07-31 10:41 - 00068616 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-05-14 20:12 - 2008-07-31 10:40 - 00513544 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-05-14 20:12 - 2008-07-31 10:40 - 00509448 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-05-14 20:12 - 2008-07-10 11:01 - 00467984 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-05-14 20:12 - 2008-07-10 11:00 - 04992520 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-05-14 20:12 - 2008-07-10 11:00 - 03851784 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-05-14 20:12 - 2008-07-10 11:00 - 01942552 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-14 20:12 - 2008-07-10 11:00 - 01493528 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-05-14 20:12 - 2008-07-10 11:00 - 00540688 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-14 20:12 - 2008-05-30 14:19 - 00511496 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-05-14 20:12 - 2008-05-30 14:19 - 00507400 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-05-14 20:12 - 2008-05-30 14:18 - 00238088 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-05-14 20:12 - 2008-05-30 14:18 - 00177672 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-05-14 20:12 - 2008-05-30 14:17 - 00068104 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-05-14 20:12 - 2008-05-30 14:17 - 00065032 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-05-14 20:12 - 2008-05-30 14:17 - 00025608 ____C (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-05-14 20:12 - 2008-05-30 14:16 - 00028168 ____C (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 04991496 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 03850760 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 01941528 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 01491992 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 00540688 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-05-14 20:12 - 2008-05-30 14:11 - 00467984 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-05-14 20:12 - 2008-03-05 16:04 - 00489480 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-05-14 20:12 - 2008-03-05 16:03 - 00479752 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-05-14 20:12 - 2008-03-05 16:03 - 00238088 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-05-14 20:12 - 2008-03-05 16:03 - 00177672 ____C (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-05-14 20:12 - 2008-03-05 16:00 - 00028168 ____C (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-05-14 20:12 - 2008-03-05 16:00 - 00025608 ____C (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-05-14 20:12 - 2008-03-05 15:56 - 04910088 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-05-14 20:12 - 2008-03-05 15:56 - 03786760 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-05-14 20:12 - 2008-03-05 15:56 - 01860120 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-05-14 20:12 - 2008-03-05 15:56 - 01420824 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-05-14 20:12 - 2008-02-05 23:07 - 00529424 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-05-14 20:12 - 2008-02-05 23:07 - 00462864 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-05-14 20:12 - 2007-10-22 03:40 - 00411656 ____C (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-05-14 20:12 - 2007-10-22 03:39 - 00267272 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-05-14 20:12 - 2007-10-22 03:37 - 00021000 ____C (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-05-14 20:12 - 2007-10-22 03:37 - 00017928 ____C (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-05-14 20:12 - 2007-10-12 15:14 - 05081608 ____C (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-05-14 20:12 - 2007-10-12 15:14 - 03734536 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-05-14 20:12 - 2007-10-12 15:14 - 02006552 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-05-14 20:12 - 2007-10-12 15:14 - 01374232 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-05-14 20:12 - 2007-10-02 09:56 - 00508264 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-05-14 20:12 - 2007-10-02 09:56 - 00444776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-05-14 20:12 - 2007-07-20 00:57 - 00411496 ____C (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-05-14 20:12 - 2007-07-20 00:57 - 00267112 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 05073256 ____C (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 03727720 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 01985904 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 01358192 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 00508264 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-05-14 20:12 - 2007-07-19 18:14 - 00444776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-05-14 20:12 - 2007-06-20 20:49 - 00409960 ____C (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-05-14 20:12 - 2007-06-20 20:46 - 00266088 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 04496232 ____C (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 03497832 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 01401200 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 01124720 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 00506728 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-05-14 20:12 - 2007-05-16 16:45 - 00443752 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-05-14 20:12 - 2007-04-04 18:55 - 00403304 ____C (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-05-14 20:12 - 2007-04-04 18:55 - 00261480 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-05-14 20:12 - 2007-04-04 18:54 - 00107368 ____C (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-05-14 20:12 - 2007-04-04 18:53 - 00081768 ____C (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-05-14 20:12 - 2007-03-15 16:57 - 00506728 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-05-14 20:12 - 2007-03-15 16:57 - 00443752 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-05-14 20:12 - 2007-03-12 16:42 - 04494184 ____C (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-05-14 20:12 - 2007-03-12 16:42 - 03495784 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-05-14 20:12 - 2007-03-12 16:42 - 01400176 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-05-14 20:12 - 2007-03-12 16:42 - 01123696 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-05-14 20:11 - 2007-03-05 12:42 - 00017688 ____C (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-05-14 20:11 - 2007-03-05 12:42 - 00015128 ____C (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-05-14 20:08 - 2014-05-14 20:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unheimliche Geschichten
2014-05-14 20:06 - 2014-05-14 20:08 - 00000000 ___DC () C:\Program Files (x86)\Unheimliche Geschichten
2014-05-14 11:04 - 2014-05-14 11:04 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_nnfwdk64_01009.Wdf
2014-05-14 10:58 - 2014-05-14 10:58 - 00000890 ____C () C:\nsinst.log
2014-05-14 10:58 - 2014-05-14 10:58 - 00000000 ___DC () C:\Program Files (x86)\NetRatingsNetSight
2014-05-11 12:52 - 2014-05-11 12:53 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 12:33 - 2014-05-09 12:33 - 00264616 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-09 12:33 - 2014-05-09 12:33 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-09 12:33 - 2014-05-09 12:32 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-09 12:33 - 2014-05-09 12:32 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-08 13:42 - 2014-05-08 13:42 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:42 - 2014-05-08 13:42 - 00029208 ____C () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-08 12:32 - 2014-05-08 12:31 - 00313256 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00189352 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00189352 ____C (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00108968 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-08 12:30 - 2014-05-08 12:30 - 00000000 ___DC () C:\Program Files\Java
==================== One Month Modified Files and Folders =======
2014-06-06 08:04 - 2014-06-06 08:04 - 00019859 ____C () C:\Users\Porstendörfer\Desktop\FRST.txt
2014-06-06 08:04 - 2012-04-27 01:40 - 00000000 ___DC () C:\FRST
2014-06-06 08:04 - 2012-04-26 20:19 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Local\temp
2014-06-06 08:02 - 2014-06-06 08:02 - 02068992 ____C (Farbar) C:\Users\Porstendörfer\Desktop\FRST64.exe
2014-06-06 07:31 - 2012-08-29 07:34 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 07:21 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 07:21 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 07:18 - 2014-06-04 10:43 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 07:18 - 2010-09-25 14:07 - 01830488 ____C () C:\Windows\WindowsUpdate.log
2014-06-06 07:17 - 2012-06-14 09:37 - 00000000 ___DC () C:\Users\Porstendörfer\Desktop\Sicherheit
2014-06-06 07:14 - 2012-07-11 17:33 - 00004182 ____C () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-06 07:12 - 2014-06-05 19:55 - 00000168 ____C () C:\Windows\setupact.log
2014-06-06 07:12 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-06-05 21:19 - 2013-08-04 15:14 - 00000960 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004UA.job
2014-06-05 19:55 - 2014-06-05 19:55 - 00000584 ____C () C:\Windows\PFRO.log
2014-06-05 19:55 - 2014-06-05 19:55 - 00000000 ____C () C:\Windows\setuperr.log
2014-06-05 08:42 - 2011-02-02 11:45 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Local\Google
2014-06-05 08:42 - 2010-04-08 17:15 - 00000000 ___DC () C:\Program Files (x86)\Google
2014-06-05 08:34 - 2007-07-12 03:49 - 00000000 ___DC () C:\Windows\Panther
2014-06-05 08:33 - 2014-06-05 08:33 - 00002788 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-05 08:33 - 2014-06-05 08:33 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 08:33 - 2014-06-05 08:33 - 00000000 ___DC () C:\Program Files\CCleaner
2014-06-05 08:31 - 2014-06-05 08:31 - 04748896 ____C (Piriform Ltd) C:\Users\Porstendörfer\Downloads\ccsetup414.exe
2014-06-05 08:01 - 2014-06-05 08:01 - 00003234 ____C () C:\Windows\System32\Tasks\{FB578874-50DC-4D74-8026-52C72111DE3F}
2014-06-05 06:05 - 2013-01-13 15:38 - 00000000 ___DC () C:\Program Files (x86)\FLVPlayer
2014-06-04 20:11 - 2013-08-04 15:14 - 00000938 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004Core.job
2014-06-04 10:43 - 2014-06-04 10:43 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 10:43 - 2014-06-04 10:43 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 10:43 - 2012-04-26 20:24 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Roaming\Malwarebytes
2014-06-04 10:43 - 2012-04-26 20:23 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-06-04 10:41 - 2014-06-04 10:40 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Porstendörfer\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 10:35 - 2013-05-23 15:32 - 00000000 ___DC () C:\Users\Porstendörfer\Desktop\Alte Firefox-Daten
2014-06-04 10:09 - 2013-07-08 20:35 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Roaming\Skype
2014-06-04 06:24 - 2013-09-06 11:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-06-04 06:22 - 2013-08-12 20:29 - 00000000 ___DC () C:\ProgramData\Trymedia
2014-06-02 20:21 - 2014-05-26 11:56 - 00000000 ___DC () C:\Program Files (x86)\globalUpdate
2014-06-01 21:55 - 2011-03-16 18:00 - 00000000 ___DC () C:\ProgramData\CanonIJPLM
2014-06-01 21:41 - 2013-07-24 15:18 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Roaming\Systweak
2014-05-26 15:05 - 2014-05-26 15:05 - 00003052 ____C () C:\Windows\System32\Tasks\{650E0D19-B655-434A-A101-8D313D41F4FF}
2014-05-26 15:01 - 2014-05-26 15:01 - 00003052 ____C () C:\Windows\System32\Tasks\{F2766D69-96EB-4A68-93C0-47F4BABA3421}
2014-05-26 15:00 - 2014-05-26 15:00 - 00003052 ____C () C:\Windows\System32\Tasks\{22095F36-CBF9-4B5E-83B1-4229C8025218}
2014-05-26 11:56 - 2014-05-26 11:56 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Local\globalUpdate
2014-05-26 11:55 - 2014-05-26 11:55 - 00000000 ___DC () C:\Program Files\003
2014-05-24 16:01 - 2013-04-04 11:45 - 00000000 ___DC () C:\Users\Porstendörfer\Documents\Mein Steuer-Sparbuch Heute
2014-05-24 15:46 - 2014-05-24 15:46 - 00003040 ____C () C:\Windows\System32\Tasks\{3EF8A789-04EE-42B1-860F-FB41AB790A16}
2014-05-24 15:45 - 2014-05-24 15:45 - 00003040 ____C () C:\Windows\System32\Tasks\{3A3207F0-C070-43C4-A3F7-AEAF82B4956E}
2014-05-23 09:15 - 2012-04-25 08:44 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 12:00 - 2012-04-28 18:56 - 00002441 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-21 11:12 - 2010-09-25 23:58 - 00716208 ____C () C:\Windows\system32\perfh007.dat
2014-05-21 11:12 - 2010-09-25 23:58 - 00156302 ____C () C:\Windows\system32\perfc007.dat
2014-05-21 11:12 - 2009-07-14 07:13 - 01659858 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 12:26 - 2014-05-20 12:26 - 00000000 ___DC () C:\Users\Porstendörfer\Desktop\cars2
2014-05-15 19:52 - 2014-03-29 21:16 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox.bak
2014-05-15 13:42 - 2014-01-10 19:10 - 00085328 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:42 - 2012-05-01 20:24 - 01039096 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:42 - 2012-05-01 20:24 - 00423240 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 12:08 - 2012-08-29 07:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 12:08 - 2012-04-28 19:05 - 00692400 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 12:08 - 2011-06-11 06:25 - 00070832 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 21:18 - 2014-05-14 20:14 - 00000000 ___DC () C:\Users\Porstendörfer\AppData\Roaming\Spuk im Wirtshaus
2014-05-14 20:08 - 2014-05-14 20:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unheimliche Geschichten
2014-05-14 20:08 - 2014-05-14 20:06 - 00000000 ___DC () C:\Program Files (x86)\Unheimliche Geschichten
2014-05-14 11:04 - 2014-05-14 11:04 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_nnfwdk64_01009.Wdf
2014-05-14 10:58 - 2014-05-14 10:58 - 00000890 ____C () C:\nsinst.log
2014-05-14 10:58 - 2014-05-14 10:58 - 00000000 ___DC () C:\Program Files (x86)\NetRatingsNetSight
2014-05-12 07:26 - 2014-06-04 10:43 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 10:43 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2012-04-26 20:23 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 12:53 - 2014-05-11 12:52 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:28 - 2011-03-27 16:35 - 00000000 ___DC () C:\Users\Porstendörfer\Desktop\Andreas
2014-05-09 13:14 - 2011-04-12 13:44 - 00000000 ___DC () C:\Program Files (x86)\Buhl finance
2014-05-09 13:14 - 2010-04-08 16:31 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-05-09 13:13 - 2009-07-14 05:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 12:39 - 2013-07-01 17:14 - 00001074 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-09 12:38 - 2013-09-26 11:52 - 00000000 ___DC () C:\ProgramData\Oracle
2014-05-09 12:33 - 2014-05-09 12:33 - 00264616 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-09 12:33 - 2014-05-09 12:33 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-09 12:32 - 2014-05-09 12:33 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-09 12:32 - 2014-05-09 12:33 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-09 12:32 - 2012-04-28 17:13 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-05-08 13:42 - 2014-05-08 13:42 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:42 - 2014-05-08 13:42 - 00029208 ____C () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-08 13:42 - 2013-03-20 13:37 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-08 13:42 - 2013-03-20 13:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-08 13:42 - 2012-05-01 20:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154147536
2014-05-08 13:42 - 2012-05-01 20:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154147536
2014-05-08 13:42 - 2012-05-01 20:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-08 13:42 - 2012-05-01 20:23 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-08 13:42 - 2012-05-01 20:23 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-08 12:31 - 2014-05-08 12:32 - 00313256 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00189352 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00189352 ____C (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-08 12:31 - 2014-05-08 12:31 - 00108968 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-08 12:30 - 2014-05-08 12:30 - 00000000 ___DC () C:\Program Files\Java
Some content of TEMP:
====================
C:\Users\Porstendörfer\AppData\Local\temp\BuenoSearchTB[1].exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 21:40
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Porstendörfer at 2014-06-06 08:04:59
Running from C:\Users\Porstendörfer\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Acer Crystal Eye webcam Ver:1.1.160.210 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.160.210 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.11.1209 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adressenverwaltung (HKLM-x32\...\{F4A841BD-7E4D-4F6E-9347-68139A80D70A}) (Version: 5.0.08 - VR-Software)
Ahnenblatt 2.64 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.64.1.3 - Dirk Boettcher)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.17 - Atheros Communications Inc.)
avast! Pro Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Business Contact Manager für Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP260 series Benutzerregistrierung (HKLM-x32\...\Canon MP260 series Benutzerregistrierung) (Version: - )
Canon MP260 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4FE6ABAF-20F3-4F5F-A966-380FDAE9A31A}) (Version: - Microsoft)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Finanzfuchs Haushaltsbuch 2005 2.08 (HKLM-x32\...\Finanzfuchs Haushaltsbuch 2005) (Version: 2.08 - Franzis)
FLV Player Packages (HKCU\...\FLV Player Packages) (Version: - ) <==== ATTENTION
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Graboid Video 2.03 (HKLM-x32\...\Graboid Video) (Version: 2.03 - Graboid Inc.)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.75 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.75 - InterVideo Inc.) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MD Adressbuch 2011 (HKLM-x32\...\MD Adressbuch 2011_is1) (Version: - Stefan Göppert Softwareentwicklung)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 5.0.0.1168 - MyHeritage.com)
Nielsen (HKLM-x32\...\NetSight) (Version: - )
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6635 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6635 - NewTech Infosystems) Hidden
Oddly Enough: Der Rattenfänger von Hameln (HKLM-x32\...\BFG-Oddly Enough - Der Rattenfaenger von Hameln) (Version: - )
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Softwarenetz Haushaltsbuch5 (HKLM-x32\...\Haushaltsbuch5) (Version: - Softwarenetz)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unheimliche Geschichten (HKLM-x32\...\Unheimliche Geschichten) (Version: - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3D1F379C-AA64-4823-90A4-A8DDD4B48C21}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{E6EAF5E1-5E2A-4E4F-847E-97B45179E45B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{28FAC187-7C0E-413A-B90A-76F19D0FBF30}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BEBC2484-290C-46AD-9834-6DAD1FA80273}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BEBC2484-290C-46AD-9834-6DAD1FA80273}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{FB95DCF2-C3FD-44E4-ABFC-1B082885703F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebEx Event-Manager für Firefox oder Chrome (HKLM-x32\...\{2E732021-24C0-4D96-9B27-1876A7A143A2}) (Version: 28.11.0.16469 - Cisco WebEx LLC)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{BF0EA47F-0ED2-44CE-A8A4-644A85274F0D}) (Version: 21.00.8480 - Buhl Data Service GmbH)
==================== Restore Points =========================
24-05-2014 13:48:03 Removed Microsoft Silverlight
24-05-2014 14:09:25 Removed Microsoft Silverlight
26-05-2014 09:50:26 Removed Microsoft Silverlight
01-06-2014 19:51:30 Removed Microsoft Silverlight
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-09-28 07:26 - 00000098 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {118DAEDE-6B0D-406E-B8FC-59D94D580C2F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {2467DCFC-DACF-48D3-BDCC-8DB1884B0A4C} - System32\Tasks\{22095F36-CBF9-4B5E-83B1-4229C8025218} => C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
Task: {246C348E-20A1-4E68-99B4-294CEA2596C4} - System32\Tasks\{F2766D69-96EB-4A68-93C0-47F4BABA3421} => C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
Task: {58E04CEE-D69C-492F-96FB-B1422820A054} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {63EC71BD-0843-4D07-A24C-7E9637399B5B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {8124C7DF-66A3-4EF1-8BDB-848F53F8DC6B} - System32\Tasks\{3EF8A789-04EE-42B1-860F-FB41AB790A16} => C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
Task: {93C02BEF-B409-4040-8F6D-FE4942334474} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {A85C86D4-ED82-4599-B959-D0E99CBFF70E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004UA => C:\Users\Porstendörfer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-04] (Facebook Inc.)
Task: {B6B6C620-67CC-48AF-A651-CBCFE6C64676} - System32\Tasks\{3A3207F0-C070-43C4-A3F7-AEAF82B4956E} => C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
Task: {C230C4A9-A80A-4A68-9E8B-11B8456B19A4} - System32\Tasks\{650E0D19-B655-434A-A101-8D313D41F4FF} => C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
Task: {E53A11DE-35DB-4BFF-859E-01D0A7B284B2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004Core => C:\Users\Porstendörfer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-04] (Facebook Inc.)
Task: {E85745B3-7DCD-462D-AB0A-F67E7006F719} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004Core.job => C:\Users\Porstendörfer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1923626264-2341716953-3562644547-1004UA.job => C:\Users\Porstendörfer\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-09-25 14:22 - 2010-09-25 14:22 - 00206208 _____ () C:\Windows\PLFSetI.exe
2011-03-16 18:00 - 2008-01-22 10:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-02-20 10:16 - 2014-02-28 18:49 - 01429808 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-06-05 19:58 - 2014-06-05 19:58 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-06-06 07:14 - 2014-06-06 07:14 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060503\algo.dll
2014-05-11 12:53 - 2014-05-11 12:53 - 03839088 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 11:04 - 2014-04-07 22:33 - 00504832 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\communication.dll
2014-05-14 10:58 - 2014-04-07 22:38 - 00504320 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-20 10:13 - 2014-02-28 18:49 - 09666864 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 00035120 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 00309040 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 00321840 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-02-20 10:13 - 2014-02-28 18:48 - 03786544 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 00136496 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 02674480 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 01982256 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-02-20 10:14 - 2014-02-28 18:48 - 01915184 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-02-20 10:13 - 2014-03-03 11:46 - 04329776 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-02-20 10:14 - 2014-02-11 12:53 - 01043456 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-02-20 10:14 - 2014-02-11 12:53 - 00094720 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-02-20 10:14 - 2014-02-11 12:53 - 00250368 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-02-20 10:14 - 2014-03-03 11:46 - 01512752 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 05099312 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 01690416 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 01801008 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 01627952 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-02-20 10:14 - 2014-02-28 18:49 - 01115440 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-02-20 10:14 - 2014-02-28 18:49 - 01322288 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-02-20 10:14 - 2014-02-28 18:49 - 01245488 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-02-20 10:14 - 2014-02-28 18:50 - 07319344 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-02-20 10:14 - 2014-02-28 18:49 - 01277232 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-02-20 10:13 - 2014-02-28 18:49 - 01330480 ____C () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2013-12-03 12:44 - 2013-12-03 12:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-14 11:04 - 2014-04-07 22:34 - 01246720 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npffaddons.dll
2014-05-14 11:04 - 2014-04-07 22:35 - 00851968 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npfirefoxprocessor.dll
2014-05-14 11:04 - 2014-04-07 22:33 - 00150528 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npsp1.dll
2014-05-14 11:04 - 2014-04-07 22:34 - 00228864 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npsurvey.dll
2014-05-14 11:04 - 2014-04-07 22:34 - 00224768 ____C () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npwmi.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:11590865
AlternateDataStreams: C:\ProgramData\TEMP:12258D63
AlternateDataStreams: C:\ProgramData\TEMP:363E775E
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8
AlternateDataStreams: C:\ProgramData\TEMP:53BA2DF6
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:762408BA
AlternateDataStreams: C:\ProgramData\TEMP:798A3728
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:93EB7685
AlternateDataStreams: C:\ProgramData\TEMP:A9056F42
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:B0A727D1
AlternateDataStreams: C:\ProgramData\TEMP:D7D0B4AF
AlternateDataStreams: C:\ProgramData\TEMP:E36F5B57
AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2014 07:59:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/06/2014 07:58:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (06/06/2014 07:14:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%126
Error: (06/06/2014 07:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Security Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/06/2014 07:14:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NTI Backup Now 5 Scheduler Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/06/2014 07:14:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NTI Backup Now 5 Scheduler Service erreicht.
Error: (06/06/2014 07:13:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/06/2014 07:13:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.
Error: (06/06/2014 07:12:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/06/2014 07:12:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (06/05/2014 07:59:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/05/2014 07:58:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Microsoft Office Sessions:
=========================
Error: (06/06/2014 07:59:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (06/06/2014 07:58:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Porstendörfer\Desktop\Sicherheit\esetsmartinstaller_enu.exe
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/05/2014 07:58:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (06/05/2014 07:58:33 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
CodeIntegrity Errors:
===================================
Date: 2012-04-26 18:45:47.461
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-04-26 18:45:47.367
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3996.93 MB
Available physical RAM: 2309.18 MB
Total Pagefile: 7992.05 MB
Available Pagefile: 6120.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:190.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2488D17)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |