Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Probleme auf Rechner, Dateien werden verstümmelt (https://www.trojaner-board.de/155057-probleme-rechner-dateien-verstuemmelt.html)

cosinus 11.06.2014 22:13
Naja, das wundert mich bei combofix nicht. Richtig effektik bereinigen kann man nur wenn man direkt vor der Kiste ist.

datekk 11.06.2014 22:54
So, ComboFix ist fertig - Remote funzt wieder. Hier der Log:

Code:
ComboFix 14-06-10.01 - SYSADMIN 11.06.2014  22:35:41.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.16343.12614 [GMT 2:00]
ausgeführt von:: c:\users\SYSADMIN\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SYSADMIN\AppData\Local\Adobe\ChromeInstaller.exe
c:\users\SYSADMIN\AppData\Local\Adobe\gccheck.exe
c:\users\SYSADMIN\AppData\Local\Adobe\gtbcheck.exe
c:\users\Thomas\AppData\Roaming\e365923615.prf
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-11 bis 2014-06-11  ))))))))))))))))))))))))))))))
.
.
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\Lars\AppData\Local\temp
2014-06-11 20:58 . 2014-06-11 20:58        --------        d-----w-        c:\users\Assistenz\AppData\Local\temp
2014-06-11 20:56 . 2014-06-11 20:56        --------        d-----w-        c:\users\Thomas\AppData\Local\temp
2014-06-11 20:56 . 2014-06-11 20:56        --------        d-----w-        c:\users\Redaktion_4\AppData\Local\temp
2014-06-11 20:56 . 2014-06-11 20:56        --------        d-----w-        c:\users\Praktikant 1\AppData\Local\temp
2014-06-11 18:12 . 2014-06-11 19:13        --------        d-----w-        C:\FRST
2014-06-11 18:05 . 2014-06-11 18:05        --------        d-----w-        c:\program files (x86)\Neuer Ordner
2014-06-11 16:34 . 2014-06-11 16:58        --------        d-----w-        c:\users\Andreas\AppData\Local\Mozilla
2014-06-11 14:45 . 2014-06-11 14:45        --------        d-----w-        c:\users\SYSADMIN\AppData\Local\O&O
2014-06-11 13:35 . 2014-06-11 19:09        --------        d-----w-        c:\users\SYSADMIN\AppData\Local\Mozilla
2014-06-11 12:08 . 2014-06-11 12:08        --------        d-sh--w-        c:\users\SYSADMIN\AppData\Local\EmieUserList
2014-06-11 12:08 . 2014-06-11 12:08        --------        d-sh--w-        c:\users\SYSADMIN\AppData\Local\EmieSiteList
2014-06-11 11:59 . 2014-06-11 11:59        --------        d-----w-        c:\users\SYSADMIN\AppData\Roaming\Malwarebytes
2014-06-11 11:59 . 2014-06-11 11:59        --------        d-----w-        c:\users\SYSADMIN\AppData\Local\NVIDIA
2014-06-11 11:54 . 2014-06-11 13:51        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B21F339-3045-4515-984F-6E87B61F74DD}\offreg.dll
2014-06-11 11:37 . 2014-06-11 11:37        --------        d-----w-        c:\users\Andreas\AppData\Roaming\Malwarebytes
2014-06-11 11:18 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B21F339-3045-4515-984F-6E87B61F74DD}\mpengine.dll
2014-06-11 04:38 . 2014-04-25 02:34        801280        ----a-w-        c:\windows\system32\usp10.dll
2014-06-11 04:32 . 2014-06-08 09:13        506368        ----a-w-        c:\windows\system32\aepdu.dll
2014-06-11 04:32 . 2014-06-08 09:08        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-06-10 11:16 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-05 11:17 . 2014-05-02 06:47        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47A84416-F045-492E-AE44-8C91D5DE78C8}\gapaengine.dll
2014-05-21 13:47 . 2014-05-21 13:47        --------        d-----w-        c:\users\***\AppData\Local\NVIDIA
2014-05-19 21:14 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-05-19 21:14 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-05-19 11:17 . 2014-05-19 11:17        --------        d-----w-        c:\users\***\AppData\Local\NVIDIA
2014-05-19 11:14 . 2014-05-19 11:14        --------        d-----w-        c:\users\Andreas\AppData\Local\NVIDIA
2014-05-19 11:08 . 2014-05-19 11:08        --------        d-----w-        c:\users\Thomas\AppData\Local\NVIDIA
2014-05-19 09:38 . 2014-05-19 09:38        --------        d-----w-        c:\users\***\AppData\Local\NVIDIA
2014-05-19 08:24 . 2014-03-04 11:32        599840        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-05-19 08:21 . 2013-09-25 02:23        1030144        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-05-19 08:21 . 2013-09-25 01:57        792576        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-05-19 07:41 . 2014-05-19 07:41        --------        d-----w-        c:\programdata\regid.1991-06.com.microsoft
2014-05-15 10:44 . 2014-05-15 10:44        --------        d-----w-        c:\users\***\AppData\Roaming\Realtime Soft
2014-05-15 10:07 . 2014-05-15 10:07        --------        d-----w-        c:\program files (x86)\SplitView 2014
2014-05-14 06:15 . 2014-05-14 06:15        1626280        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 18:03 . 2011-02-13 11:16        25640        ----a-w-        c:\windows\gdrv.sys
2014-06-11 17:34 . 2011-02-21 10:26        95414520        ----a-w-        c:\windows\system32\MRT.exe
2014-06-11 12:14 . 2012-06-27 15:42        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-11 12:14 . 2011-06-22 11:35        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 06:47 . 2014-01-23 11:21        1031560        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 00:16 . 2014-04-25 00:16        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-20 21:03 . 2013-09-17 20:22        18302384        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2013-09-17 20:22        15783992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2014-03-20 21:03        9690424        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:03 . 2014-03-20 21:03        11589272        ----a-w-        c:\windows\system32\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02        31474976        ----a-w-        c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02        23716640        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02        12708128        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02        892704        ----a-w-        c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02        863064        ----a-w-        c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02        877856        ----a-w-        c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02        846168        ----a-w-        c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02        1885472        ----a-w-        c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02        1516488        ----a-w-        c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02        3143456        ----a-w-        c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02        17755424        ----a-w-        c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2014-03-20 21:02        14709720        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02        9728064        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02        2958792        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02        2783008        ----a-w-        c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02        2411976        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02        11636176        ----a-w-        c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02        17561544        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02        25255256        ----a-w-        c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2010-07-09 22:38        3093280        ----a-w-        c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2013-02-25 22:32        2715264        ----a-w-        c:\windows\SysWow64\nvapi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2011-03-07 . 85AC9E8530C4ACD1170AC76FED9EB3B3 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1926B88C-7FAE-4121-A973-7D51FDD394D5}]
2014-02-20 11:07        255488        ----a-w-        c:\program files (x86)\Keeeb\1.2.17\KangoBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A}"= "c:\program files (x86)\Keeeb\1.2.17\KangoBHO.dll" [2014-02-20 255488]
.
[HKEY_CLASSES_ROOT\clsid\{8b9db820-c156-4faa-aeba-60f10e5d4c0a}]
[HKEY_CLASSES_ROOT\TypeLib\{F9799A86-5892-4C42-BAD0-1A065C943AE8}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-14 06:15        1730264        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-14 06:15        1730264        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-14 06:15        1730264        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2013-03-23 23:03        198992        ----a-w-        c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2013-03-23 23:06        194896        ----a-w-        c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5587672]
"MSCRM"="c:\program files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2012-04-26 35432]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"SplitView"="c:\program files (x86)\SplitView 2014\SplitScr.exe" [2014-02-21 311888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Im Verlag.lnk - c:\users\Thomas\AppData\Roaming\Realtime Soft\UltraMon\3.1.0\Profiles\Im Verlag.umprofile [2011-3-22 357]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-2-10 576000]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico /auto [2011-2-13 29310]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-2-25 193712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 4.0\app\oflagent.exe"
"SMB50StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 5.0 S-Edition\app\oflagent.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS;c:\windows\SYSNATIVE\DRIVERS\MDPMGRNT.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 vcdc;vcdc;c:\windows\system32\DRIVERS\vcdc.sys;c:\windows\SYSNATIVE\DRIVERS\vcdc.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 isdnusb;ISDN USB Driver;c:\windows\system32\DRIVERS\isdnusb.sys;c:\windows\SYSNATIVE\DRIVERS\isdnusb.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 usbcdc;Serial USB CDC Driver;c:\windows\system32\DRIVERS\usbcdc.sys;c:\windows\SYSNATIVE\DRIVERS\usbcdc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 12:14]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 11:58]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 11:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1926B88C-7FAE-4121-A973-7D51FDD394D5}]
2014-02-20 11:07        306688        ----a-w-        c:\program files (x86)\Keeeb\1.2.17\KangoBHO64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A}"= "c:\program files (x86)\Keeeb\1.2.17\KangoBHO64.dll" [2014-02-20 306688]
.
[HKEY_CLASSES_ROOT\CLSID\{8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-14 06:18        2335960        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-14 06:18        2335960        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-14 06:18        2335960        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2013-03-23 23:03        217424        ----a-w-        c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2013-03-23 23:06        195920        ----a-w-        c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 395344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{892F2CA6-0CB6-4CE5-A993-3B175126C846}: NameServer = 192.168.200.1,8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSE06.00.00.01PRO"="A61BCA66DD865C28601714D171652CD08E56B22324BB9DC8B636CFA0E96605DDA05D0FAF28736BC91D6189E2083C5469DB4A575F53C18CC9555D2D87E46A127D3E37037F257EFEC58DBAD17B1881138D164C5BE38054C32A29DF0840852B5D7FD1D14EFB7C52B55E1699AC76ACBD7241503F39E0B478D55518ACB471774BA352B1C93DE298CB96239C6600458DADDFDB24778C9D3CE437860AA7A9D6261E83B7382DBE8429FE887C0EFCD4ED4F3EAB89AD401A74AA08C3CEEDA7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407BA7FD869164D6794C038D530D6EB3452BA7FD869164D67944CE0E62654A76AABC3477AFE514649F481D7B6BAA6297D1932D17118D12F70E5CC34932B1AE7BBA9179CF948E2228DFD4178DCB00B4325E80F07D69B646F51C21727EB8CB2820DF488FBAFF0BE56238B0655E91E795EE60A137C5F0C2F90F51C0CB7196F471A151232B545209869112C43B528C6CE893A37A90E96E6D54667FAAFF60532E2A78BF3D132292C06B9E0E110F4A69FC7249AA1E2ABCA5F6015AFDDAC0A61637A762D8749EA8BA302771FA42781365189E6066C725A90DC3D5960344DA9214661A5BAA89E6DE145EA265D60E6606CBA1C59FE3130323E783A430B630523FDD251AAF82A7B5DE40682A1B27253A626EC685A0DF9185F6E800E524945E6D873B367CBB053AE70128E6F93B8AE91017EAC419A3A494BA200794FDFB5262DBFC0C8A6A52E5CA970AA3CBC7E8C5CED2D5AF457A1948F8B4F97187B16EF4733E0EAA672A7427481BC349ED7B6CD3656015DF1C2C7AE38414E9C47F2729BDD7B58B993941641BBF14676FA9465266B5FE1F3857F3BA01E7A1C3826F949E192AAD93A0CBA0784CA5614FE48A7063C1EBECBCA456CFD8490E3C8DA86B7C06B0208A8BBBDF769E72B33C020B4AB6B3E664FCDD37B4D6678545478386F3A54EABE821FD28EBEF9CCD82CF86E2121385E50108BC6A4491D9F2242E2461AF151124B2A29D7956ACD97C70D02C29FE7E6D258233C1CF2EB209FA3C856BF77325B1924344A659C37CCB0DCC2AEBAFAC742D3F2D12A92CB2441A47B29B02528B46ABBB2F895DDA448B185F35FEB37AF6AED200705352D48C5A6DB3C47E7B90494C73A5A75B5E3E1A08E855918B65D6C5F5CF8EE4B52B136884A79EEAA8383145211576FCB6760392C44264FC721959718D7247BD885299708F9B38EFE1FCE98523C5ABA3F7CFEC8B68C5F0D6CD28EC8EAFBEBED04EC622142D5C48B14EC2A82DE8D117AB8D930DEF1F22F3AA784B84D92391C7EC8B6EF3C1B566B495E2F68F8A122C7DD47F7A70073D694F6BF85C825AD568756C3A52808DBC26921753FA0D62DE5D50B1965DD62B46B95559DB738843EE9059639912454ADBA"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\03\0f\08$:?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-11  23:03:00
ComboFix-quarantined-files.txt  2014-06-11 21:03
.
Vor Suchlauf: 7.412.654.080 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 12.193.751.040 Bytes frei
.
- - End Of File - - 3F9402E93723C895AE5A46D94E97F593

cosinus 12.06.2014 11:07
Hm, ist das eigentlich ein gewerblich genutztes System?
Die ganzen Klarnamen in den Logs willst du doch da auch nicht drinhaben oder?

Bitte lesen => http://www.trojaner-board.de/108422-...-anfragen.html

datekk 12.06.2014 12:03
Ja, ist gewerblich genutzt. Kleinunternehmen (e.K.). Habe Text gelesen und verstanden. Bitte um weitere Hilfe. System wird bei erscheinen einer neuen Windows Version neu aufgesetzt. Möchte die Zeit bis dahin gern durch Reinigungsversuch überbrücken. Backups werden laufend erstellt.

Die Klarnamen... ja, es war späte Nacht gestern und das habe ich gar nicht gesehen. Kann ich das editieren?

Beste Grüße

cosinus 12.06.2014 14:36
Nein, kannst du nicht mehr. Wurde ebenfalls im besagten Artikel geschrieben wie du dazu vorgehen musst.


Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


datekk 12.06.2014 16:54
Los gehts. Kurz zur Info. Nach dem ersten Scan mit adwCleaner habe ich festgestellt, dass noch ein User angemeldet war. Daher zwei Scanns.

1. Scan:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 12/06/2014 um 16:39:25
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername :
# Gestartet von : C:\Users\SYS***\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\P*****gen\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\T***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\905sg94x.default\searchplugins\search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-xchange-viewer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-xchange-viewer_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v

[ Datei : C:\Users\A***s\AppData\Roaming\Mozilla\Firefox\Profiles\ht6c804m.default\prefs.js ]


[ Datei : C:\Users\*****l\AppData\Roaming\Mozilla\Firefox\Profiles\6e2nzqq7.default\prefs.js ]


[ Datei : C:\Users\A****z\AppData\Roaming\Mozilla\Firefox\Profiles\tw9nubus.default\prefs.js ]


[ Datei : C:\Users\N*******i\AppData\Roaming\Mozilla\Firefox\Profiles\gh0o3b19.default\prefs.js ]


[ Datei : C:\Users\*******4\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy6waq.default\prefs.js ]


[ Datei : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\40h3xepj.default\prefs.js ]


[ Datei : C:\Users\T***\AppData\Roaming\Mozilla\Firefox\Profiles\905sg94x.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2764 octets] - [12/06/2014 16:37:47]
AdwCleaner[S0].txt - [2685 octets] - [12/06/2014 16:39:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2745 octets] ##########
--- --- ---


2. Scann:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 12/06/2014 um 17:26:55
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***ADMIN - *****P10****
# Gestartet von : C:\Users\***ADMIN\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v

[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ht6c804m.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\6e2nzqq7.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\tw9nubus.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gh0o3b19.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy6waq.default\prefs.js ]


[ Datei : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\40h3xepj.default\prefs.js ]


[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\905sg94x.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2764 octets] - [12/06/2014 16:37:47]
AdwCleaner[R1].txt - [1560 octets] - [12/06/2014 17:25:37]
AdwCleaner[S0].txt - [2825 octets] - [12/06/2014 16:39:25]
AdwCleaner[S1].txt - [1481 octets] - [12/06/2014 17:26:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1541 octets] ##########
--- --- ---


EIN DRITTER SCAN HAT ERGEBEN; DASS DIE DATEIEN MIT DER ENDUNG .JS NICHT GELÖSCHT WERDEN KONNTEN!

JRT:

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Admin ***  on 12.06.2014 at 17:36:16,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GTaskMMC_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2014 at 17:41:39,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


FRST Log:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by ****** (administrator) on ****** on 12-06-2014 17:43:14
Running from C:\Users\******\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Gladinet, INC) C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
() C:\Program Files (x86)\SplitView 2014\SplitScr.exe
() C:\Program Files (x86)\SplitView 2014\SplitScrX64.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587672 2011-06-28] (Acronis)
HKLM-x32\...\Run: [MSCRM] => C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe [35432 2012-04-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [SplitView] => C:\Program Files (x86)\SplitView 2014\SplitScr.exe [311888 2014-02-21] ()
HKLM-x32\...\RunOnce: [DES2] - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state [354856 2010-03-01] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2715938741-4103475793-2943915029-1052\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-03] (Google Inc.)
HKU\S-1-5-21-2715938741-4103475793-2943915029-1052\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2715938741-4103475793-2943915029-1052\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Im Verlag.lnk
ShortcutTarget: Im Verlag.lnk -> C:\Users\******\AppData\Roaming\Realtime Soft\UltraMon\3.1.0\Profiles\Im Verlag.umprofile ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
GroupPolicyUsers\S-1-5-21-2715938741-4103475793-2943915029-1040\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E803ABB6D85CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Keeeb BHO - {1926B88C-7FAE-4121-A973-7D51FDD394D5} - C:\Program Files (x86)\Keeeb\1.2.17\KangoBHO64.dll (Kango)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Keeeb BHO - {1926B88C-7FAE-4121-A973-7D51FDD394D5} - C:\Program Files (x86)\Keeeb\1.2.17\KangoBHO.dll (Kango)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Keeeb  - {8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A} - C:\Program Files (x86)\Keeeb\1.2.17\KangoBHO64.dll (Kango)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Keeeb  - {8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A} - C:\Program Files (x86)\Keeeb\1.2.17\KangoBHO.dll (Kango)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Keeeb  - {8B9DB820-C156-4FAA-AEBA-60F10E5D4C0A} - C:\Program Files (x86)\Keeeb\1.2.17\KangoBHO64.dll (Kango)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\..\Interfaces\{892F2CA6-0CB6-4CE5-A993-3B175126C846}: [NameServer]192.168.200.1,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\40h3xepj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [498096 2010-05-02] (REINER SCT)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 GladFileMonSvc; C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [30032 2013-03-24] (Gladinet, INC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-01-12] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-08-25] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R3 TermService; C:\Windows\System32\termsrv.dll [680960 2011-03-07] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) [File not signed]
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] () [File not signed]
S2 StarMoney 8.0 OnlineUpdate; "C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [29184 2010-02-08] (REINER SCT)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-06-30] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-05-20] (Paragon Software Group)
R3 isdnusb; C:\Windows\System32\DRIVERS\isdnusb.sys [263224 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32424 2010-10-21] (Mediafour Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-08-25] (SANDBOXIE L.T.D)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
R3 usbcdc; C:\Windows\System32\DRIVERS\usbcdc.sys [154680 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R1 vcdc; C:\Windows\System32\DRIVERS\vcdc.sys [153912 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 17:41 - 2014-06-12 17:41 - 00001062 _____ () C:\Users\******\Desktop\JRT.txt
2014-06-12 17:36 - 2014-06-12 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 17:35 - 2014-06-12 17:35 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-06-12 17:32 - 2014-06-12 17:32 - 00001593 _____ () C:\Users\******\Desktop\AdwCleaner[S0]-2.txt
2014-06-12 17:24 - 2014-06-12 17:24 - 00002787 _____ () C:\Users\******\Desktop\AdwCleaner[S0].txt
2014-06-12 16:37 - 2014-06-12 17:33 - 00000000 ____D () C:\AdwCleaner
2014-06-12 16:37 - 2014-06-12 16:37 - 01333465 _____ () C:\Users\******\Desktop\adwcleaner_3.212.exe
2014-06-12 14:26 - 2014-06-12 14:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Tracker Software
2014-06-12 14:24 - 2014-06-12 14:24 - 00001042 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-06-12 14:24 - 2014-06-12 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
2014-06-12 14:24 - 2014-06-12 14:24 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-12 14:22 - 2014-06-12 14:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-12 14:21 - 2014-06-12 14:21 - 00000000 ____D () C:\Users\******\Downloads\PDFXVE5
2014-06-12 14:13 - 2014-06-12 14:15 - 54047280 _____ () C:\Users\******\Downloads\PDFXVE5.zip
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinRAR
2014-06-12 11:01 - 2014-06-12 11:02 - 00000000 ____D () C:\Users\******\AppData\Roaming\DropboxMaster
2014-06-12 10:40 - 2014-06-12 10:40 - 00039997 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-06-12 09:57 - 2014-06-12 17:00 - 00000000 ____D () C:\Users\***\Documents\Anika
2014-06-12 08:39 - 2014-06-12 08:39 - 00003408 ____N () C:\bootsqm.dat
2014-06-12 08:29 - 2014-06-12 08:29 - 00000000 __SHD () C:\found.001
2014-06-11 23:03 - 2014-06-12 17:17 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-11 23:03 - 2014-06-12 17:05 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-11 23:03 - 2014-06-12 17:01 - 00000000 ____D () C:\Users\***\AppData\Local\temp
2014-06-11 23:03 - 2014-06-12 16:59 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00035484 _____ () C:\ComboFix.txt
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Steffen Woywode\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Redaktion_4\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Praktikant 1\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Lars\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Assistenz\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 22:32 - 2014-06-11 23:03 - 00000000 ____D () C:\Qoobox
2014-06-11 22:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 22:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 22:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 22:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 22:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 22:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 22:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 22:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 22:31 - 2014-06-11 23:01 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 22:30 - 2014-06-11 22:30 - 05205915 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-06-11 21:08 - 2014-06-12 17:43 - 00021949 _____ () C:\Users\******\Desktop\FRST.txt
2014-06-11 20:12 - 2014-06-12 17:43 - 00000000 ____D () C:\FRST
2014-06-11 20:12 - 2014-06-11 20:12 - 02081792 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Program Files (x86)\Neuer Ordner
2014-06-11 19:22 - 2014-06-11 19:23 - 00000000 ____D () C:\Users\******\Desktop\CALA 2
2014-06-11 18:34 - 2014-06-11 18:58 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-06-11 18:34 - 2014-06-11 18:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\******\Documents\O&O
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\******\AppData\Local\O&O
2014-06-11 16:39 - 2014-06-11 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 15:35 - 2014-06-11 21:09 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-06-11 15:35 - 2014-06-11 15:35 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-06-11 14:08 - 2014-06-11 14:08 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-06-11 14:08 - 2014-06-11 14:08 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-06-11 13:59 - 2014-06-11 13:59 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-06-11 13:59 - 2014-06-11 13:59 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-06-11 13:37 - 2014-06-11 13:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-06-11 06:50 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:50 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:50 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 06:50 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:50 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 06:50 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:50 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 06:50 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:50 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:50 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:50 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 06:50 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 06:50 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 06:50 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:50 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:50 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:50 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:50 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:50 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:50 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:50 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:50 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 06:50 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:50 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:50 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:50 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:50 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:50 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:50 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:50 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:50 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:50 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 06:50 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 06:50 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 06:50 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:50 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:50 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:50 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:50 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:50 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:50 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:50 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:50 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:50 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:50 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:50 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:50 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:50 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:50 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:50 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:50 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 06:50 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 06:38 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:38 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:38 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:38 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:38 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:38 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:38 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:38 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:38 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:38 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:38 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:38 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 06:32 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 06:32 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 13:40 - 2014-06-10 13:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinRAR
2014-06-04 11:27 - 2014-06-04 11:27 - 00002973 _____ () C:\Users\******\Desktop\14-06-029-027.txt
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\******\AppData\OICE_15_974FA576_32C1D314_1F16
2014-05-30 14:58 - 2014-05-30 14:58 - 00000054 _____ () C:\Users\******\Desktop\kindertausch.txt
2014-05-30 14:14 - 2014-06-02 09:48 - 00010255 _____ () C:\Users\******\Desktop\HotelsHannover.xlsx
2014-05-29 13:19 - 2014-05-29 13:24 - 00010216 _____ () C:\Users\******\Desktop\TerminanfrageBerlin1.xlsx
2014-05-28 17:00 - 2014-05-28 17:00 - 00001215 _____ () C:\Users\******\Desktop\HotelsHannover.txt
2014-05-28 11:34 - 2014-05-28 11:34 - 00000000 ____D () C:\Users\******\AppData\OICE_15_974FA576_32C1D314_33CE
2014-05-27 15:42 - 2014-05-27 15:42 - 00043008 _____ () C:\Users\******\Desktop\neue Liste.xls
2014-05-26 13:20 - 2014-05-26 10:00 - 373190979 _____ () C:\Users\******\Desktop\ISYbe_Erklaerfilm.mp4
2014-05-26 13:19 - 2014-05-26 10:00 - 175801613 _____ () C:\Users\******\Desktop\ISYbe_Erklaerfilm.mov
2014-05-26 13:08 - 2014-05-26 13:13 - 00000000 ____D () C:\Users\******\Desktop\anhang2
2014-05-22 15:02 - 2014-05-22 15:02 - 00074472 _____ () C:\Users\******\Desktop\anhang2.zip
2014-05-21 15:47 - 2014-05-21 15:47 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-20 17:37 - 2014-05-20 17:37 - 00067046 _____ () C:\Users\******\Desktop\Präsentation Auswertung 2014_BadSaarow.pptx
2014-05-19 23:14 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-19 23:14 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-19 13:48 - 2014-05-19 13:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 13:39 - 2014-05-19 13:39 - 00088576 _____ () C:\Users\******\Desktop\Kinderläden_1.xls
2014-05-19 13:31 - 2014-05-19 13:31 - 00037376 _____ () C:\Users\******\Desktop\Kopie von Dresden.xls
2014-05-19 13:17 - 2014-05-19 13:17 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 13:14 - 2014-05-19 13:14 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 13:08 - 2014-05-19 13:08 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 11:38 - 2014-05-19 11:38 - 00000000 ____D () C:\Users\***\AppData\Local\NVIDIA
2014-05-19 11:38 - 2014-05-19 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-19 10:25 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-19 10:25 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-19 10:25 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-19 10:25 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-19 10:25 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-19 10:25 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-19 10:25 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-19 10:25 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-19 10:25 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-19 10:25 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-19 10:25 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-19 10:25 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-19 10:25 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-19 10:25 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-19 10:25 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-19 10:25 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-19 10:24 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 10:21 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-19 10:21 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-16 13:53 - 2014-06-11 16:15 - 00000000 ___SD () C:\Users\******\Documents\Meine Datenquellen
2014-05-15 14:41 - 2014-05-15 14:41 - 00028672 _____ () C:\Users\******\Desktop\Teilnehmerliste.xls
2014-05-15 12:44 - 2014-05-15 12:44 - 00000000 ____D () C:\Users\******\AppData\Roaming\Realtime Soft
2014-05-15 12:07 - 2014-05-15 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplitView
2014-05-15 12:07 - 2014-05-15 12:07 - 00000000 ____D () C:\Program Files (x86)\SplitView 2014
2014-05-15 12:02 - 2014-05-15 12:02 - 01190912 _____ () C:\Users\******\Downloads\SplitView.msi
2014-05-15 08:05 - 2014-05-15 08:05 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:05 - 2014-05-15 08:05 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 16:41 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:41 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:41 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:41 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:41 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:41 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:41 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:41 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:41 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:41 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:41 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:41 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:41 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:41 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:41 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:41 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:41 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:41 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:41 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:41 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:41 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 11:11 - 2014-05-13 11:53 - 00011492 _____ () C:\Users\******\Desktop\Immobilien Berlin.xlsx

==================== One Month Modified Files and Folders =======

2014-06-12 17:43 - 2014-06-11 21:08 - 00021949 _____ () C:\Users\******\Desktop\FRST.txt
2014-06-12 17:43 - 2014-06-11 20:12 - 00000000 ____D () C:\FRST
2014-06-12 17:43 - 2013-10-11 13:57 - 00000000 ____D () C:\Users\******\AppData\Local\Temp
2014-06-12 17:41 - 2014-06-12 17:41 - 00001062 _____ () C:\Users\******\Desktop\JRT.txt
2014-06-12 17:41 - 2011-02-10 19:53 - 01169510 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 17:37 - 2009-07-14 06:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 17:37 - 2009-07-14 06:45 - 00026000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 17:36 - 2014-06-12 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 17:35 - 2014-06-12 17:35 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-06-12 17:33 - 2014-06-12 16:37 - 00000000 ____D () C:\AdwCleaner
2014-06-12 17:32 - 2014-06-12 17:32 - 00001593 _____ () C:\Users\******\Desktop\AdwCleaner[S0]-2.txt
2014-06-12 17:30 - 2011-03-23 13:37 - 00000000 ____D () C:\ProgramData\VMware
2014-06-12 17:30 - 2011-03-17 13:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 17:30 - 2011-02-13 13:16 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-12 17:29 - 2011-08-07 09:49 - 00024174 _____ () C:\Windows\setupact.log
2014-06-12 17:29 - 2011-02-14 13:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-12 17:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 17:28 - 2011-09-01 09:26 - 00662776 _____ () C:\Windows\PFRO.log
2014-06-12 17:24 - 2014-06-12 17:24 - 00002787 _____ () C:\Users\******\Desktop\AdwCleaner[S0].txt
2014-06-12 17:22 - 2013-10-11 17:22 - 00129472 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 17:20 - 2009-07-14 06:45 - 00483672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 17:17 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-12 17:14 - 2011-02-10 21:12 - 00000000 ____D () C:\Users\******\Documents\Outlook-Dateien
2014-06-12 17:05 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-12 17:05 - 2012-11-14 11:24 - 00000000 ___RD () C:\Users\******\Dropbox
2014-06-12 17:02 - 2013-11-07 17:30 - 00000000 ____D () C:\Users\***\Documents\Outlook-Dateien
2014-06-12 17:01 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\***\AppData\Local\temp
2014-06-12 17:00 - 2014-06-12 09:57 - 00000000 ____D () C:\Users\***\Documents\Anika
2014-06-12 16:59 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-12 16:59 - 2011-12-05 11:42 - 00000000 ____D () C:\Users\******\Documents\Outlook-Dateien
2014-06-12 16:58 - 2012-06-27 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 16:48 - 2011-03-17 13:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 16:37 - 2014-06-12 16:37 - 01333465 _____ () C:\Users\******\Desktop\adwcleaner_3.212.exe
2014-06-12 16:03 - 2012-10-12 08:08 - 00000000 ____D () C:\Users\******\Desktop\Vorlagen
2014-06-12 14:35 - 2012-07-03 14:15 - 00129472 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 14:28 - 2013-11-07 17:15 - 00129472 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 14:28 - 2011-12-05 11:36 - 00129472 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 14:26 - 2014-06-12 14:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Tracker Software
2014-06-12 14:25 - 2011-02-10 20:11 - 00129472 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 14:24 - 2014-06-12 14:24 - 00001042 _____ () C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2014-06-12 14:24 - 2014-06-12 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
2014-06-12 14:24 - 2014-06-12 14:24 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-12 14:22 - 2014-06-12 14:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-12 14:21 - 2014-06-12 14:21 - 00000000 ____D () C:\Users\******\Downloads\PDFXVE5
2014-06-12 14:15 - 2014-06-12 14:13 - 54047280 _____ () C:\Users\******\Downloads\PDFXVE5.zip
2014-06-12 14:10 - 2011-02-13 15:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-12 14:08 - 2012-11-19 11:13 - 00000000 ____D () C:\Users\******\Desktop\BERLIN
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinRAR
2014-06-12 12:03 - 2013-01-25 15:21 - 00000000 ____D () C:\Users\******\Desktop\einnahmen_online
2014-06-12 11:29 - 2012-11-08 15:50 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-06-12 11:02 - 2014-06-12 11:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\DropboxMaster
2014-06-12 11:01 - 2012-11-14 11:59 - 00001046 _____ () C:\Users\******\Desktop\Dropbox.lnk
2014-06-12 11:01 - 2012-11-14 11:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-12 10:40 - 2014-06-12 10:40 - 00039997 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-06-12 10:40 - 2012-11-14 12:30 - 00000000 ____D () C:\Users\******\.gimp-2.8
2014-06-12 10:11 - 2012-01-05 20:52 - 00018432 _____ () C:\Users\******\Documents\Passwörter.xlsx
2014-06-12 09:26 - 2013-05-22 09:01 - 00005142 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ******-****** ******
2014-06-12 09:17 - 2014-02-10 17:30 - 00005174 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ******-****** ******
2014-06-12 09:05 - 2012-01-03 09:25 - 00000680 __RSH () C:\Users\******\ntuser.pol
2014-06-12 09:05 - 2011-02-10 20:03 - 00000000 ____D () C:\Users\******
2014-06-12 08:45 - 2013-11-07 17:13 - 00000680 __RSH () C:\Users\***\ntuser.pol
2014-06-12 08:45 - 2013-11-07 17:13 - 00000000 ____D () C:\Users\***
2014-06-12 08:42 - 2012-01-03 09:37 - 00004700 __RSH () C:\Users\******\ntuser.pol
2014-06-12 08:42 - 2011-12-05 11:35 - 00000000 ____D () C:\Users\******
2014-06-12 08:39 - 2014-06-12 08:39 - 00003408 ____N () C:\bootsqm.dat
2014-06-12 08:29 - 2014-06-12 08:29 - 00000000 __SHD () C:\found.001
2014-06-12 00:00 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-11 23:25 - 2014-02-13 06:02 - 00000000 ____D () C:\Windows\rescache
2014-06-11 23:15 - 2013-10-25 14:12 - 00000000 ____D () C:\Users\******\AppData\Local\Temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00035484 _____ () C:\ComboFix.txt
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Steffen Woywode\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Redaktion_4\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Praktikant 1\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\******\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Lars\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Assistenz\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 23:03 - 2014-06-11 22:32 - 00000000 ____D () C:\Qoobox
2014-06-11 23:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-11 23:01 - 2014-06-11 22:31 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 23:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-11 22:56 - 2013-10-11 17:22 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-06-11 22:30 - 2014-06-11 22:30 - 05205915 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-06-11 21:59 - 2013-10-25 14:12 - 00000680 __RSH () C:\Users\******\ntuser.pol
2014-06-11 21:59 - 2013-10-25 14:12 - 00000000 ____D () C:\Users\******
2014-06-11 21:09 - 2014-06-11 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 21:09 - 2014-06-11 15:35 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-06-11 21:05 - 2013-11-06 15:40 - 00007601 _____ () C:\Users\******\AppData\Local\Resmon.ResmonCfg
2014-06-11 20:12 - 2014-06-11 20:12 - 02081792 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Program Files (x86)\Neuer Ordner
2014-06-11 19:36 - 2013-09-06 09:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 19:34 - 2011-02-21 12:26 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 19:33 - 2013-12-12 04:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-11 19:33 - 2011-02-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 19:29 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 19:23 - 2014-06-11 19:22 - 00000000 ____D () C:\Users\******\Desktop\CALA 2
2014-06-11 18:58 - 2014-06-11 18:34 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-06-11 18:34 - 2014-06-11 18:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-06-11 18:04 - 2012-09-13 17:33 - 00000000 ___RD () C:\Sandbox
2014-06-11 17:21 - 2011-02-14 14:12 - 03236864 _____ () C:\Users\******\Documents\****** Otto.QBW
2014-06-11 17:19 - 2011-02-14 14:12 - 00000000 ____D () C:\Users\******\Documents\Buchhaltung und Rechnungswesen
2014-06-11 16:55 - 2013-10-22 18:10 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-06-11 16:55 - 2011-02-13 18:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-11 16:49 - 2011-02-13 18:09 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\******\Documents\O&O
2014-06-11 16:45 - 2014-06-11 16:45 - 00000000 ____D () C:\Users\******\AppData\Local\O&O
2014-06-11 16:41 - 2013-10-25 14:25 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-06-11 16:32 - 2012-07-30 13:17 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-06-11 16:15 - 2014-05-16 13:53 - 00000000 ___SD () C:\Users\******\Documents\Meine Datenquellen
2014-06-11 16:15 - 2014-02-06 10:09 - 00000000 ____D () C:\Users\******\AppData\Local\gladinet
2014-06-11 16:15 - 2013-10-25 14:14 - 00000000 ____D () C:\Users\******\AppData\Roaming\Apple Computer
2014-06-11 16:15 - 2013-10-25 14:12 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe
2014-06-11 16:15 - 2013-01-29 17:22 - 00000000 ____D () C:\ProgramData\StarMoney Business 5.0
2014-06-11 16:15 - 2013-01-29 16:36 - 00000000 ____D () C:\ProgramData\StarMoney 8.0
2014-06-11 16:15 - 2011-06-10 11:58 - 00000000 ____D () C:\ProgramData\Skype Extras
2014-06-11 16:15 - 2011-03-07 14:56 - 00000000 ____D () C:\ProgramData\StarMoney Business 4.0
2014-06-11 16:15 - 2011-02-25 14:24 - 00000000 ____D () C:\ProgramData\Skype
2014-06-11 16:15 - 2011-02-22 19:17 - 00000000 ____D () C:\Users\Public\Documents\Lexware
2014-06-11 16:15 - 2011-02-13 14:07 - 00000000 ____D () C:\ProgramData\TAPICall
2014-06-11 15:35 - 2014-06-11 15:35 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-06-11 14:14 - 2012-06-27 17:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 14:14 - 2012-06-27 17:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 14:14 - 2011-06-22 13:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 14:08 - 2014-06-11 14:08 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-06-11 14:08 - 2014-06-11 14:08 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-06-11 13:59 - 2014-06-11 13:59 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-06-11 13:59 - 2014-06-11 13:59 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-06-11 13:57 - 2013-10-25 14:13 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 13:37 - 2014-06-11 13:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-06-11 11:52 - 2013-11-29 09:47 - 00239104 _____ () C:\Users\***\Desktop\adressen_berlin.xls
2014-06-10 13:42 - 2013-12-20 10:05 - 00000280 ____H () C:\Users\Public\Documents\~$Vertrags und Umsatzübersicht 2013.xlsx
2014-06-10 13:40 - 2014-06-10 13:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinRAR
2014-06-10 08:14 - 2012-09-13 17:32 - 00002362 _____ () C:\Windows\Sandboxie.ini
2014-06-08 11:13 - 2014-06-11 06:32 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 06:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 14:05 - 2014-02-21 15:21 - 00000000 ____D () C:\Users\***\Desktop\GbR Aufträge
2014-06-04 11:27 - 2014-06-04 11:27 - 00002973 _____ () C:\Users\******\Desktop\14-06-029-027.txt
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\******\AppData\OICE_15_974FA576_32C1D314_1F16
2014-06-03 12:05 - 2011-02-13 15:56 - 00000000 ___RD () C:\Users\******\Desktop\Kribbelbunt
2014-06-03 09:04 - 2013-11-18 15:01 - 00968704 _____ () C:\Users\***\Desktop\Archiv_60plusminus_Stand_April_2013.xls
2014-06-02 16:25 - 2013-12-02 10:42 - 00000000 ____D () C:\Users\******\Desktop\angebotsbanner
2014-06-02 09:48 - 2014-05-30 14:14 - 00010255 _____ () C:\Users\******\Desktop\HotelsHannover.xlsx
2014-05-30 14:58 - 2014-05-30 14:58 - 00000054 _____ () C:\Users\******\Desktop\kindertausch.txt
2014-05-30 12:21 - 2014-06-11 06:50 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 06:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 06:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 06:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 06:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 06:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 06:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 06:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 06:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 06:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 06:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 06:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 06:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 06:50 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 06:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 06:50 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 06:50 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 06:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 06:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 06:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 06:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 06:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 06:50 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 06:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 06:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 06:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 06:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 06:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 06:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 06:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 06:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 06:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 06:50 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 06:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 06:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 06:50 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 06:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:07 - 2013-03-26 12:09 - 00038062 _____ () C:\Users\******\Desktop\internetagenturen.xlsx
2014-05-30 10:06 - 2014-06-11 06:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 06:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 06:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 06:50 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 06:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 06:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 06:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 06:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 06:50 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 06:50 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 06:50 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 06:50 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 06:50 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 06:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-30 08:12 - 2013-12-09 10:31 - 00000000 ____D () C:\Users\******\steffen
2014-05-29 14:19 - 2013-09-05 09:27 - 00000000 ____D () C:\Users\******\Desktop\Potential
2014-05-29 14:18 - 2014-02-10 10:17 - 00000000 ____D () C:\Users\******\Desktop\Excel
2014-05-29 13:24 - 2014-05-29 13:19 - 00010216 _____ () C:\Users\******\Desktop\TerminanfrageBerlin1.xlsx
2014-05-29 11:09 - 2013-08-09 14:54 - 00014332 _____ () C:\Users\******\Desktop\schönheitschirurgie_berlin.xlsx
2014-05-28 17:00 - 2014-05-28 17:00 - 00001215 _____ () C:\Users\******\Desktop\HotelsHannover.txt
2014-05-28 11:34 - 2014-05-28 11:34 - 00000000 ____D () C:\Users\******\AppData\OICE_15_974FA576_32C1D314_33CE
2014-05-28 08:10 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-27 15:42 - 2014-05-27 15:42 - 00043008 _____ () C:\Users\******\Desktop\neue Liste.xls
2014-05-27 13:45 - 2014-01-13 10:41 - 00000000 ____D () C:\Users\***\Desktop\KIDS UND CO VERTRÄGE
2014-05-26 13:48 - 2014-04-17 13:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-05-26 13:13 - 2014-05-26 13:08 - 00000000 ____D () C:\Users\******\Desktop\anhang2
2014-05-26 10:49 - 2013-01-28 10:20 - 00000000 ____D () C:\Users\******\texte_linkpartner, teliad, anschreiben
2014-05-26 10:33 - 2013-06-14 09:51 - 00000000 ____D () C:\Users\******\Desktop\Anzeigen
2014-05-26 10:00 - 2014-05-26 13:20 - 373190979 _____ () C:\Users\******\Desktop\ISYbe_Erklaerfilm.mp4
2014-05-26 10:00 - 2014-05-26 13:19 - 175801613 _____ () C:\Users\******\Desktop\ISYbe_Erklaerfilm.mov
2014-05-22 15:02 - 2014-05-22 15:02 - 00074472 _____ () C:\Users\******\Desktop\anhang2.zip
2014-05-22 13:01 - 2012-05-07 14:12 - 00000000 ____D () C:\Users\******\AppData\Local\FreePDF_XP
2014-05-21 15:47 - 2014-05-21 15:47 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-20 17:37 - 2014-05-20 17:37 - 00067046 _____ () C:\Users\******\Desktop\Präsentation Auswertung 2014_BadSaarow.pptx
2014-05-19 13:48 - 2014-05-19 13:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 13:39 - 2014-05-19 13:39 - 00088576 _____ () C:\Users\******\Desktop\Kinderläden_1.xls
2014-05-19 13:31 - 2014-05-19 13:31 - 00037376 _____ () C:\Users\******\Desktop\Kopie von Dresden.xls
2014-05-19 13:17 - 2014-05-19 13:17 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 13:14 - 2014-05-19 13:14 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 13:08 - 2014-05-19 13:08 - 00000000 ____D () C:\Users\******\AppData\Local\NVIDIA
2014-05-19 11:38 - 2014-05-19 11:38 - 00000000 ____D () C:\Users\***\AppData\Local\NVIDIA
2014-05-19 11:38 - 2014-05-19 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-19 10:25 - 2011-02-14 13:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-19 10:25 - 2011-02-14 13:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-19 10:13 - 2013-10-25 14:14 - 00129864 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 09:42 - 2011-02-10 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-19 09:42 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-05-19 09:35 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-15 16:21 - 2014-05-12 10:37 - 00011958 _____ () C:\Users\******\Desktop\Kochloft 13.05.-Zusagen.xlsx
2014-05-15 14:41 - 2014-05-15 14:41 - 00028672 _____ () C:\Users\******\Desktop\Teilnehmerliste.xls
2014-05-15 14:14 - 2011-12-05 11:35 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 14:14 - 2011-12-05 11:35 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 14:10 - 2013-10-11 17:22 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 14:10 - 2013-10-11 17:22 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 14:10 - 2013-10-11 17:21 - 00000680 __RSH () C:\Users\******\ntuser.pol
2014-05-15 14:10 - 2013-10-11 13:57 - 00000000 ____D () C:\Users\******
2014-05-15 12:52 - 2011-02-14 14:19 - 00000000 ____D () C:\Users\******\AppData\Roaming\UseNeXT
2014-05-15 12:44 - 2014-05-15 12:44 - 00000000 ____D () C:\Users\******\AppData\Roaming\Realtime Soft
2014-05-15 12:34 - 2011-02-13 15:38 - 00002334 ____H () C:\Users\******\Documents\Default.rdp
2014-05-15 12:07 - 2014-05-15 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplitView
2014-05-15 12:07 - 2014-05-15 12:07 - 00000000 ____D () C:\Program Files (x86)\SplitView 2014
2014-05-15 12:02 - 2014-05-15 12:02 - 01190912 _____ () C:\Users\******\Downloads\SplitView.msi
2014-05-15 09:45 - 2013-10-25 14:13 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:54 - 2011-02-10 20:03 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:54 - 2011-02-10 20:03 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:05 - 2014-05-15 08:05 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:05 - 2014-05-15 08:05 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:05 - 2013-11-07 17:14 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:05 - 2013-11-04 09:56 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:04 - 2012-07-03 14:14 - 00000680 __RSH () C:\Users\******\ntuser.pol
2014-05-15 08:04 - 2012-07-03 14:14 - 00000000 ____D () C:\Users\******
2014-05-15 03:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-13 11:53 - 2014-05-13 11:11 - 00011492 _____ () C:\Users\******\Desktop\Immobilien Berlin.xlsx

Files to move or delete:
====================
C:\Users\Public\OutlookConfigurator.exe


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxu1s5q.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:53

==================== End Of Log ============================
--- --- ---

--- --- ---

datekk 12.06.2014 16:56
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by ****** at 2014-06-12 17:44:03
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6868 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook (x32 Version: 4.0.12006.0 - Microsoft Corporation) Hidden
Business Contact Manager für Microsoft Outlook (HKLM-x32\...\Business Contact Manager) (Version: 4.0.12006.0 - Microsoft Corporation)
Business Contact Manager-Datenbanktool für Outlook 2013 (HKLM-x32\...\{2BB0BA87-5047-4573-B955-717801C7ABC4}) (Version: 4.0.12124.0 - Microsoft Corporation)
CallBridge Collection (HKLM\...\{0F9DA620-7664-4E37-8F79-6D24A9E61609}) (Version: 2.3.00.00 - Siemens Enterprise Communications GmbH & Co. KG)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.9.6 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2BC398D2-11C8-43B1-AB84-675D33EB28C2}) (Version:  - Microsoft)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Fahrtenbuch.de Version 10 (HKLM-x32\...\{B1F0FE76-83C6-47F2-BD0D-40FF96E47508}_is1) (Version:  - Dipl.-Ing. Mey Mark Meyer)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Gladinet Cloud Desktop (HKLM-x32\...\{E940323D-C6B8-4E71-979D-0D476EDB0D63}) (Version: 4.0.1027 - Gladinet)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
HiPath 3000 Manager E  68.50.652.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HiPath TAPI 120 SP V2 (HKLM\...\{42C95128-4207-4516-B4FF-12DBDADC58E0}) (Version: 2.0.66.0000 - Siemens Enterprise Communications GmbH & Co. KG)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Keeeb  (HKLM-x32\...\{1926B88C-7FAE-4121-A973-7D51FDD394D5}) (Version: 1.2.17 - Keeeb GmbH (Powered by kangoextensions.com)) <==== ATTENTION
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Lexware Abschreibungsrechner (HKLM-x32\...\{25F5FB5A-5BFF-4E13-ADCD-A450DF51018C}) (Version: 10.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Abschreibungsrechner (x32 Version: 4.60.00.0000 - Lexware) Hidden
Lexware büro easy 2011 (HKLM-x32\...\{4451CEE8-8904-44B4-BADD-90878F269063}) (Version: 24.00.04.0033 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{41102DB9-776E-40FA-9085-4554C93A3719}) (Version: 10.20.00.0134 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{6BC4DC1E-3798-4CF4-9088-A6864DFAE1B2}) (Version: 13.00.00.0040 - Haufe-Lexware GmbH & Co.KG)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware Version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
map&guide 2010 (HKLM-x32\...\{DE42A372-C79F-4DB7-9E53-529E632E5919}) (Version: 2010.00.000 - PTV AG)
MaxBulk Mailer 7.7.0 (HKLM-x32\...\MaxBulk Mailer_is1) (Version:  - Max Programming LLC)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-3333BC2C2B6D}) (Version: 19.0.21.0500 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu (HKLM-x32\...\{742D41A9-B3BF-3A65-806E-F8372FB3E492}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access database engine 2007 (German) (HKLM-x32\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack – Deutsch (Business Contact Manager für Microsoft Outlook) (x32 Version: 4.0.12006.0 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (HKLM\...\{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.5117.5000 - Microsoft Corporation)
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Management Studio (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Policies (HKLM-x32\...\{695E67B6-8B95-4160-9650-92974980CDC1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64 Bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64 Bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{8798322F-74EC-479B-BC02-33EB50519F1C}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2-Setup (Deutsch) (HKLM\...\{857B51DF-ECF0-44D1-B51E-66DCF3FF59C7}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{8DD113A8-811A-404E-A4D7-443D014946AC}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch) (HKLM-x32\...\{0DD2DCC6-21AE-4678-8629-1084B17BE077}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{419A1C86-B998-4395-A848-AA95E8869E13}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKCU\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSI Afterburner 2.0.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 2.0.0 Beta 4 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
O&O SafeErase Professional (HKLM\...\{12DA3057-6836-4C8B-A44D-A447474E302B}) (Version: 6.0.267 - O&O Software GmbH)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Partition Manager™ 11 Professional (HKLM-x32\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-XChange Editor (HKLM-x32\...\{432fd021-e5dc-49cc-95fb-779d69f492ca}) (Version: 5.5.308.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.1 - Tracker Software Products (Canada) Ltd.) Hidden
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Sandboxie 3.74 (64-bit) (HKLM\...\Sandboxie) (Version: 3.74 - SANDBOXIE L.T.D)
SaxoTrader 2 (HKLM-x32\...\{024D66E9-D50C-44A7-92B4-2DFDDD95D228}) (Version: 2.102.26.0 - Saxo Bank)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 1 für SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Siemens USB Driver V2 R1.2.0 (HKLM\...\{9CD6D175-052D-4D70-9467-C2F209012E7F}) (Version: 2.1.2 - Siemens Enterprise Communications GmbH & Co. KG)
SIW version 2011.07.07 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.07.07 - Topala Software Solutions)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartFTP Client (HKLM\...\{C64CD0D9-32D0-4514-982B-A69EB1C73F51}) (Version: 4.1.1307.0 - SmartSoft Ltd.)
SmartFTP Client German (Germany) MUI (HKLM\...\{2ED5E434-7321-4B62-9EC9-8732871BBB2B}) (Version: 4.1.1307.0 - SmartSoft Ltd.)
SplitView 2014 (HKLM-x32\...\{A9A577BC-7793-4BE3-8D3F-8D15E2AE09D5}) (Version: 14.2 - Vyooh)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney Business 4.0  (HKLM-x32\...\{4F7970E7-5E16-44A8-BD59-C4E8C4EDDAE8}) (Version: 4.0 - Star Finanz GmbH)
StarMoney Business 5.0 S-Edition (HKLM-x32\...\{0E8531EE-2B57-418C-9102-EE477F2F9369}) (Version: 5.0 - Star Finanz GmbH)
TAPICall 4.2.45 (HKLM-x32\...\{5122769F-C328-4604-9A4A-35AEE5FD05D6}) (Version: 4.2.45 - CONVERGIT GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
tools-freebsd (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-linux (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-netware (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-windows (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{968E82F6-FAF7-45E0-BCC0-EF8AA31A4EB3}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUS_{071A9ED9-C72F-4CDA-9A88-F100C5EF9EE1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUS_{FE13BE31-2B5B-4D4E-8538-B3BB9B370C66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUS_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUS_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.1.27038 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.1.27038 - VMware, Inc.) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wireshark 1.10.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.5 - The Wireshark developer community, hxxp://www.wireshark.org)
XING Connector 1.2 (HKLM-x32\...\XING Connector) (Version: 1.2 - XING AG)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-05-02 14:45 - 2014-06-11 23:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E7B7F8E-53D0-470B-B67D-85E54523FD04} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2012-10-05] (Sun Microsystems, Inc.)
Task: {1292FB3D-4E1F-4CB7-A830-CE6C2B584389} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ******-****** ****** => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {2DACBF4B-3EDB-4C77-AA25-46CBAF0FADE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2EF21452-ABC7-4042-8B5C-AEF15CE8DB5B} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {3B8B9F1D-DABE-444A-A8B9-880FED9B1060} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ******-****** ****** => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {3F1D4E80-19DB-4D22-AF14-6423F387D29F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {4442CA7E-CF63-4F51-A7FA-8A1CC7C129E6} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17] (InstallShield Software Corporation)
Task: {4ED46889-BD0F-40E7-9C4D-E9268705A898} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkID=130646
Task: {715680B2-B0C5-4133-A167-D0CF0CC21F57} - System32\Tasks\task21169382 => C:\Users\******\AppData\Local\Temp\cgs8h1.exe <==== ATTENTION
Task: {7A80B477-6970-4B69-87EE-37B38A0C2DAD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7DF757C9-ABC9-4BEE-9026-E37BA74D0516} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated)
Task: {873E2C43-4606-4593-BDF9-B3E974AF5495} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {981ABEBC-5FC7-4117-AA1E-9DF4EEB935E1} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {98900681-B0E4-4EE3-9C77-10BC24FD4E78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17] (Google Inc.)
Task: {9F9BFA24-8610-480D-B484-31214F204E7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17] (Google Inc.)
Task: {A29344A6-5770-4F92-892D-F65AA20E2B11} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {BA788D52-7855-411A-BAC2-A903471115D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C4BF34A6-7E73-465D-93DA-ECA7B7639828} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-17] (InstallShield Software Corporation)
Task: {D3F7D2DC-94AF-463D-A599-693D2C1A8B69} - System32\Tasks\{AE65A8D8-F601-46AE-9FD7-BF5365601039} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {D95E3CE4-DA82-4621-9918-3C98D6DE192A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-18 09:28 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-03 11:43 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\ZLHP1600.DLL
2012-05-07 14:09 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-02-13 13:07 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2013-03-24 00:42 - 2013-03-24 00:42 - 00222544 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
2014-02-21 21:59 - 2014-02-21 21:59 - 00342608 _____ () C:\Program Files (x86)\SplitView 2014\SplatX64.dll
2014-02-21 21:59 - 2014-02-21 21:59 - 00311888 _____ () C:\Program Files (x86)\SplitView 2014\SplitScr.exe
2014-02-21 21:59 - 2014-02-21 21:59 - 00285776 _____ () C:\Program Files (x86)\SplitView 2014\SplitScrX64.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-20 15:15 - 2007-05-31 08:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2011-02-13 13:07 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2013-03-24 00:32 - 2013-03-24 00:32 - 00293200 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\sqlite3.dll
2013-03-24 00:32 - 2013-03-24 00:32 - 00080208 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\zlib125.dll
2013-03-24 00:32 - 2013-03-24 00:32 - 00015696 _____ () C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSMui.dll
2011-11-10 18:03 - 2009-10-06 15:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney Business 4.0\ouservice\PATCHW32.dll
2013-02-05 09:38 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 5.0 S-Edition\ouservice\PATCHW32.dll
2011-02-13 12:55 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-11-13 23:43 - 2011-11-13 23:43 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-02-21 21:59 - 2014-02-21 21:59 - 00319056 _____ () C:\Program Files (x86)\SplitView 2014\Splat.dll
2011-06-28 02:45 - 2011-06-28 02:45 - 11204400 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2011-02-21 19:05 - 2004-07-26 18:11 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-11 16:39 - 2014-06-11 16:39 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VServer - Verknüpfung.lnk => C:\Windows\pss\VServer - Verknüpfung.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: Wevivo => C:\Users\******\AppData\Roaming\Ryoraf\usiv.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 05:44:05 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (06/12/2014 05:44:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/12/2014 05:44:05 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (06/12/2014 05:44:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator


CodeIntegrity Errors:
===================================
  Date: 2014-06-12 16:55:09.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 16:34:38.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 16:02:18.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 15:35:46.670
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 15:18:58.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 15:01:03.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 14:44:00.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 14:22:59.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 13:08:15.406
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-12 12:54:11.172
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 16343.48 MB
Available physical RAM: 13315.52 MB
Total Pagefile: 32685.15 MB
Available Pagefile: 29500.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:176.6 GB) (Free:14.3 GB) NTFS
Drive d: () (Fixed) (Total:289.06 GB) (Free:254.57 GB) NTFS
Drive f: (CALA_Serverfestplatte) (Fixed) (Total:931.51 GB) (Free:6.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FB26582B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: EFFFF7C4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
So, Aufgabenliste abgearbeitet. :)

cosinus 13.06.2014 10:23
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicyUsers\S-1-5-21-2715938741-4103475793-2943915029-1040\User: Group Policy restriction detected <======= ATTENTION
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-01-12] () [File not signed]
C:\Windows\SysWOW64\srvany.exe
c:\windows\system32\srvany.exe
C:\found.001

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


datekk 13.06.2014 11:32
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01
Ran by SYSADMIN at 2014-06-13 11:39:24 Run:1
Running from C:\Users\ADMIN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2715938741-4103475793-2943915029-1040\User: Group Policy restriction detected <======= ATTENTION
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-01-12] () [File not signed]
C:\Windows\SysWOW64\srvany.exe
c:\windows\system32\srvany.exe
C:\found.001
       
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2715938741-4103475793-2943915029-1040\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
KMService => Service deleted successfully.
C:\Windows\SysWOW64\srvany.exe => Moved successfully.
"c:\windows\system32\srvany.exe" => File/Directory not found.
C:\found.001 => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

cosinus 13.06.2014 13:21
Okay, dann jetzt Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


datekk 13.06.2014 18:59
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.06.2014
Suchlauf-Zeit: 14:44:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.13.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: SYSADMIN

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 716639
Verstrichene Zeit: 18 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Softonic.A, HKU\S-1-5-21-2715938741-4103475793-2943915029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [b346ea8d3348a1952f161b93e1219c64],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2715938741-4103475793-2943915029-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [c930afc891ea81b5b4917737907254ac],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 2
PUP.Optional.Conduit.A, HKU\S-1-5-21-2715938741-4103475793-2943915029-1047-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?SearchSource=10&ctid=CT2736476, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?SearchSource=10&ctid=CT2736476),Ersetzt,[c2375225ed8e1b1be7fcf5760ef62ad6]
PUM.Hijack.StartMenu, HKU\S-1-5-21-2715938741-4103475793-2943915029-1053-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[9a5f3b3c1e5d7cbac7ef86eb62a253ad]

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=30c9d295f89ebf4c834bae35ce066d2d
# engine=18705
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-13 05:47:32
# local_time=2014-06-13 07:47:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5359628 25662046 0 0
# scanned=420127
# found=23
# cleaned=0
# scan_time=11144
sh=FDB54C10C8D089089B7F15B6C3D648104BDB2B47 ft=1 fh=2a54c5f257844841 vn="Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe"
sh=5E98A0ED1F0CECFE781677EA8016111B7742233E ft=1 fh=cadaaf2da9285186 vn="Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe"
sh=BFFA2AEDB5F7966D97F6862B518C5866C76AA2CA ft=1 fh=350403531d578b18 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=594C2C887642D6CD71CC1560FCB0517D08B57C74 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\6e2nzqq7.default\Cache\0\AF\0AA56d01"
sh=54B3CE6E49A37C6778BD8A00DC449A51887581EC ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\6e2nzqq7.default\Cache\7\37\3823Ed01"
sh=8F6388E123E68BF05C6F9BA3336BBBEC2253BA67 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\6e2nzqq7.default\Cache\7\6D\67802d01"
sh=2D11EFC53D1E29E276137400D7AE894631FC142E ft=0 fh=0000000000000000 vn="Variante von Java/JShrink.A potenziell unsichere Anwendung" ac=I fn="C:\Users\*****ski\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4b87730a-2be10465"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\P*****en\AppData\LocalLow\Freeware.de\ldrtbFree.dll"
sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\P****n\AppData\LocalLow\Freeware.de\tbFre1.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****n\AppData\LocalLow\Freeware.de\tbFree.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\LocalLow\Freeware.de\ldrtbFree.dll"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\LocalLow\Freeware.de\tbFree.dll"
sh=827F97A7EE6FF923D692CA6F9D089BCE9D29FD6C ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.OBF Trojaner" ac=I fn="C:\Users\Th****s\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\777d252f-2449d3fb"
sh=35BB94C733A88EC98AFE0E411E6D2231DCBFCF31 ft=1 fh=d5ebefa6e57f7b67 vn="Variante von Win32/BitCoinMiner.AF potenziell unsichere Anwendung" ac=I fn="C:\Users\T****s\Desktop\50Miner\Miners\Cgminer\cgminer-nogpu.exe"
sh=596736B2B950813E2E6745B985CFE6D556330DA2 ft=1 fh=e174d87b6e9801ed vn="Variante von Win32/BitCoinMiner.AF potenziell unsichere Anwendung" ac=I fn="C:\Users\Th****s\Desktop\50Miner\Miners\Cgminer\cgminer.exe"
sh=C6ECB5C1447C57FC0BE4C69C4F300FB9FB41ADF0 ft=1 fh=c9f6b45ef331d56c vn="Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung" ac=I fn="C:\Users\Thomas\Downloads\bitcoin-0.8.5-win32-setup.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\cbsidlm-cbsi176-Gladinet_Cloud_Desktop_Starter_Edition_64bit-BP-10907413.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0"

cosinus 13.06.2014 19:53
Zitat:
C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe
C:\Users\T****s\Desktop\50Miner\Miners\Cgminer\cgminer-nogpu.exe
C:\Users\Th****s\Desktop\50Miner\Miners\Cgminer\cgminer.exe
C:\Users\Thomas\Downloads\bitcoin-0.8.5-win32-setup.exe
Was machst du mit Bitcoinf aufm Rechner :wtf: :balla: ist das echt gewollt?

Zitat:
C:\Program Files (x86)\SIW\siw.exe"
SIW ist ebenfalls gewollt?

datekk 13.06.2014 21:09
Also Bitcoin hatte ich tatsächlich mal drauf, SIW hingegen sagt mir nix. Beides kann weg.

cosinus 13.06.2014 21:13
Dann deinstallieren! :D

datekk 14.06.2014 09:53
So, deinstalliert bzw. gelöscht. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:51 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58