Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Avira wird von Gruppenrichtlinie geblockt (https://www.trojaner-board.de/155016-avira-gruppenrichtlinie-geblockt.html)

jean-pauli 10.06.2014 15:44
Avira wird von Gruppenrichtlinie geblockt
 
Hallo Zusammen.
Ich habe mir leider auch einen Fiesling eingefangen und brauche Hilfe.
FRST64 habe ich mir heruntergeladen und hänge die Logfiles an. Vielen Dank schon mal im Voraus.

FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by switte (administrator) on SARDELLE on 10-06-2014 16:06:42
Running from C:\Installs
Platform: Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\app\switte\OpenVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(Stoic Joker's Network) C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR.EXE
(Oracle Corporation) C:\app\switte\oracle\product\11.1.64\BIN\oracle.exe
() C:\app\switte\oracle\product\11.1.64\BIN\oravssw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-08] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4119920 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-25] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-10-09] (Dell Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-13] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-14] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [147456 2005-05-27] (shbox.de)
HKLM-x32\...\Run: [openvpn-gui] => C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KCodes UDS Control Center] => C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [4910592 2011-05-30] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1705296 2010-06-25] (Trend Micro Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)

==================== Internet (Whitelisted) ====================

ProxyServer: 172.16.2.23:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983
SearchScopes: HKCU - {434883DB-E43C-4C66-BF09-FDAD12DB7BDD} URL =
SearchScopes: HKCU - {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
SearchScopes: HKCU - {9B496D30-8494-4736-836C-0733B2FA463F} URL = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20140522,20250,0,GC34,6477
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\app\Quest Software\Toad for Oracle\RNetPin.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.4.36.104 10.4.36.100
Tcpip\..\Interfaces\{6F492E79-597B-42E2-BB2C-979E0743CB83}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DC0F0ABD-B6BC-49A6-9F0E-549159AD00A8}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\app\switte\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\switte\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\switte\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\switte\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012-05-24]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-05-24]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010-10-09]

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Picasa) - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (Instant Retro) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2011-09-16]
CHR Extension: (Google Wallet) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-26]
CHR StartMenuInternet: Google Chrome - C:\Users\switte\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 BMFMySQL; C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [4431872 2005-10-23] () [File not signed]
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-13] (DigitalPersona, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-12] (Macrovision Europe Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-11-30] () [File not signed]
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-28] (Lavasoft Limited)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1835912 2010-06-22] (Trend Micro Inc.)
S3 OpenVPNService; C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
S2 OracleDBConsoleIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation) [File not signed]
S3 OracleDEFAULT_HOMEClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [411244 2000-10-19] () [File not signed]
S4 OracleJobSchedulerIDGMBH; c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe [102400 2007-10-03] () [File not signed]
R2 OracleOraDb11g_home2TNSListener; c:\app\switte\oracle\product\11.1.64\ [0 ] () [File not signed]
R2 OracleServiceIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation) [File not signed]
R2 OracleVssWriterIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe [163840 2007-10-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2057096 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [595960 2009-07-16] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917768 2009-07-16] (Trend Micro Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-10-09] (Dell Inc.) [File not signed]
S2 OpenVPNAccessClient; C:\app\switte\OpenVPN\core\capiws.exe [X]
S3 Oracle8iClientCache; c:\app\switte\oracle\product\BIN\ONRSD.EXE [X]
S2 OracleMTSRecoveryService; c:\app\switte\oracle\product\11.1.0\bin\omtsreco.exe "OracleMTSRecoveryService" [X]

==================== Drivers (Whitelisted) ====================

R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [100448 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [165472 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-06-05] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [9856 2010-12-02] (Padus, Inc.) [File not signed]
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-16] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-07-16] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-16] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2010-05-11] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 16:00 - 2014-06-10 16:06 - 00000000 ____D () C:\FRST
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-10 15:49 - 2014-06-10 15:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-10 15:46 - 2014-06-10 15:46 - 00158176 _____ () C:\Users\switte\Downloads\College_downloader_by_Ffonts.exe.CRYPT
2014-06-05 09:20 - 2014-06-10 16:04 - 00003620 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-05 09:20 - 2014-06-05 09:20 - 00001062 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-06-05 09:20 - 2011-10-28 19:35 - 00069376 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2014-06-05 09:05 - 2014-06-05 09:06 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:02 - 00000000 ____D () C:\Users\Installs\AppData\Local\Temp
2014-06-05 09:00 - 2014-06-05 09:02 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-05 09:00 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Installs\Documents\Visual Studio 2010
2014-06-05 09:00 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Installs\AppData\Local\Microsoft Help
2014-06-05 09:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 09:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-05 09:13 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:50 - 2014-06-03 12:51 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-05-27 14:28 - 2014-05-27 14:48 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:19 - 2010-03-15 12:31 - 00165376 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-27 14:18 - 2014-05-27 14:18 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-05-27 14:17 - 2014-05-27 15:28 - 00000000 ____D () C:\ProgramData\SearchDonkey
2014-05-27 14:13 - 2014-05-27 14:13 - 00001918 _____ () C:\Users\switte\Downloads\launch.ica
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:36 - 2014-05-21 12:31 - 00000000 ____D () C:\ProLeiS3
2014-05-20 09:36 - 2014-05-20 09:37 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp

==================== One Month Modified Files and Folders =======

2014-06-10 16:06 - 2014-06-10 16:00 - 00000000 ____D () C:\FRST
2014-06-10 16:06 - 2010-10-14 14:15 - 00000000 ____D () C:\Installs
2014-06-10 16:06 - 2010-10-14 13:50 - 00000000 ____D () C:\Users\switte\AppData\Local\Temp
2014-06-10 16:04 - 2014-06-05 09:20 - 00003620 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-10 16:04 - 2012-01-11 10:41 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-10 16:04 - 2012-01-11 10:41 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-10 16:00 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 16:00 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 15:54 - 2010-10-14 21:05 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001UA.job
2014-06-10 15:52 - 2010-10-09 02:04 - 00000031 _____ () C:\tmuninst.ini
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-10 15:50 - 2010-11-22 12:53 - 00000000 ____D () C:\ProgramData\VMware
2014-06-10 15:49 - 2014-06-10 15:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-10 15:49 - 2013-08-23 11:55 - 00001904 _____ () C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2014-06-10 15:49 - 2013-08-23 11:55 - 00001828 _____ () C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2014-06-10 15:49 - 2013-08-23 11:55 - 00001292 _____ () C:\Windows\Tasks\Plus-HD-2.2-updater.job
2014-06-10 15:49 - 2013-08-23 11:55 - 00001196 _____ () C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2014-06-10 15:49 - 2013-08-23 11:55 - 00001096 _____ () C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2014-06-10 15:49 - 2010-10-25 13:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 15:49 - 2010-10-25 13:00 - 00000000 ____D () C:\Users\switte\AppData\Local\TSVNCache
2014-06-10 15:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 15:48 - 2009-07-14 06:51 - 00126413 _____ () C:\Windows\setupact.log
2014-06-10 15:46 - 2014-06-10 15:46 - 00158176 _____ () C:\Users\switte\Downloads\College_downloader_by_Ffonts.exe.CRYPT
2014-06-10 15:46 - 2012-08-28 11:07 - 00000000 _____ () C:\Users\switte\Downloads\College_downloader_by_Ffonts.exe
2014-06-05 09:42 - 2009-07-14 07:10 - 02025221 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 09:20 - 2014-06-05 09:20 - 00001062 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-05 09:20 - 2014-06-05 09:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-06-05 09:13 - 2014-06-03 16:45 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-05 09:13 - 2013-08-23 12:27 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-06-05 09:06 - 2014-06-05 09:05 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:02 - 2014-06-05 09:00 - 00000000 ____D () C:\Users\Installs\AppData\Local\Temp
2014-06-05 09:02 - 2014-06-05 09:00 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-05 08:51 - 2010-10-25 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 19:34 - 2010-10-08 18:34 - 00822200 _____ () C:\Windows\PFRO.log
2014-06-04 13:53 - 2010-10-14 21:05 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001Core.job
2014-06-04 13:51 - 2010-10-20 12:08 - 00000000 ____D () C:\TEMP
2014-06-04 11:18 - 2010-11-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-04 11:18 - 2010-10-20 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-04 11:04 - 2013-08-23 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
2014-06-04 10:31 - 2010-10-14 13:51 - 00000000 ____D () C:\Users\switte\AppData\Local\VirtualStore
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 10:24 - 2013-08-23 13:47 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 09:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-04 08:18 - 2013-08-23 11:55 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.2
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:45 - 2013-08-23 12:30 - 00000000 ____D () C:\Users\switte\AppData\Roaming\LavasoftStatistics
2014-06-03 16:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 16:40 - 2011-05-10 16:37 - 00000179 _____ () C:\Windows\fileinfo.ini
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 13:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-03 12:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-03 12:51 - 2014-06-03 12:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Roaming\VMware
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Local\VMware
2014-06-03 11:18 - 2011-01-14 16:09 - 00000033 _____ () C:\Windows\unicon.ini
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-06-02 17:54 - 2010-10-09 02:06 - 00003438 _____ () C:\Windows\TMFilter.log
2014-06-02 14:24 - 2010-11-11 10:18 - 00002064 ____H () C:\Users\switte\Documents\Default.rdp
2014-06-02 14:22 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-28 15:12 - 2010-10-14 20:57 - 00000000 ____D () C:\tauschen
2014-05-27 15:29 - 2013-07-22 11:46 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-05-27 15:28 - 2014-05-27 14:17 - 00000000 ____D () C:\ProgramData\SearchDonkey
2014-05-27 14:48 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:18 - 2014-05-27 14:18 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-05-27 14:13 - 2014-05-27 14:13 - 00001918 _____ () C:\Users\switte\Downloads\launch.ica
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 16:56 - 2010-10-09 02:04 - 00000000 ____D () C:\ProgramData\Temp
2014-05-22 14:42 - 2010-10-20 09:17 - 00000000 ____D () C:\KUNDEN
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-21 12:31 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3
2014-05-21 08:11 - 2013-03-20 15:46 - 00001639 _____ () C:\Users\Public\Desktop\ProLeiS3.lnk
2014-05-20 17:52 - 2011-01-12 16:28 - 00014837 _____ () C:\Windows\SysWOW64\sqlnet.log
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 12:13 - 2009-07-14 19:58 - 00714260 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 12:13 - 2009-07-14 19:58 - 00154056 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 12:13 - 2009-07-14 07:13 - 01659812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:37 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-19 12:29 - 2011-03-22 15:57 - 00000000 ____D () C:\Users\switte\EurekaLog
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-15 15:09 - 2013-07-23 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 15:04 - 2010-10-20 10:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 10:18 - 2011-04-06 13:53 - 00000000 ____D () C:\IDGmbH
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp
2014-05-12 18:01 - 2011-05-18 09:56 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Skype
2014-05-12 08:40 - 2010-10-25 13:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 08:40 - 2010-10-25 13:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\switte\AppData\Local\Temp\15f03156-5b18-4718-9a7d-1f03ae3243a3.exe
C:\Users\switte\AppData\Local\Temp\AskSLib.dll
C:\Users\switte\AppData\Local\Temp\avgnt.exe
C:\Users\switte\AppData\Local\Temp\b19dc7ca-a269-457d-9834-c5687cfbb44d.exe
C:\Users\switte\AppData\Local\Temp\BetterInstaller.exe
C:\Users\switte\AppData\Local\Temp\Del47A5.exe
C:\Users\switte\AppData\Local\Temp\DelayInst.exe
C:\Users\switte\AppData\Local\Temp\FixMyRegistry_20120821.exe
C:\Users\switte\AppData\Local\Temp\GUR6A37.exe
C:\Users\switte\AppData\Local\Temp\hdinst_x64.exe
C:\Users\switte\AppData\Local\Temp\installservice.exe
C:\Users\switte\AppData\Local\Temp\InstHelp.dll
C:\Users\switte\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\switte\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\switte\AppData\Local\Temp\n43fm0n5.dll
C:\Users\switte\AppData\Local\Temp\NEventMessages.dll
C:\Users\switte\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\switte\AppData\Local\Temp\prePatch.exe
C:\Users\switte\AppData\Local\Temp\RunApp.exe
C:\Users\switte\AppData\Local\Temp\s2xcxlcy.dll
C:\Users\switte\AppData\Local\Temp\setup.exe
C:\Users\switte\AppData\Local\Temp\sfamcc00001.dll
C:\Users\switte\AppData\Local\Temp\sfamcc00002.dll
C:\Users\switte\AppData\Local\Temp\sfextra.dll
C:\Users\switte\AppData\Local\Temp\SHSetup.exe
C:\Users\switte\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\switte\AppData\Local\Temp\uninst1.exe
C:\Users\switte\AppData\Local\Temp\Update.exe
C:\Users\switte\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\switte\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\switte\AppData\Local\Temp\WYSIWYG_Web_Builder_7_-_Deutsches_Sprachpaket.exe
C:\Users\switte\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-02 10:49

==================== End Of Log ============================

Adition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by switte at 2014-06-10 16:07:08
Running from C:\Installs
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Trend Micro Client/Server Security Agent Anti-Spyware (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics)
ACDSee 6.0 PowerPack (HKLM-x32\...\{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}) (Version: 6.0.2 - ACD Systems Ltd.)
Ad-Aware (HKLM-x32\...\{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}) (Version: 9.6.0 - Lavasoft Limited)
Ad-Aware SE Personal (HKLM-x32\...\Ad-Aware SE Personal) (Version:  - Lavasoft)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Installer 9.5 (HKLM-x32\...\{6822D6C3-8056-454D-B40C-80002542877A}) (Version: 9.5 - Caphyon)
AFPL Ghostscript 8.53 (HKLM\...\AFPL Ghostscript 8.53) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Alternate Pic View 1.418 (HKLM-x32\...\Alternate Pic View_is1) (Version:  - Alternate Tools)
Astaro SSL VPN Client 1.7 (HKLM-x32\...\Astaro SSL VPN Client) (Version: 1.7 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Benchmark Factory for Databases (HKLM-x32\...\InstallShield_{ACC3445D-6354-48AA-A2DD-27958DF3F982}) (Version: 5.5.1.379 - Quest Software)
Benchmark Factory for Databases (x32 Version: 5.5.1.379 - Quest Software) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
CodeSite 3.0.1 Client Tools (HKLM-x32\...\CodeSite 3.0.1 Client Tools) (Version: 3.0 - Raize Software, Inc.)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CPUID CPU-Z 1.59 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.19.02 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.19.02 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN MX Dokumentation (HKLM-x32\...\ZENMXUG) (Version:  - Creative Technology Ltd.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.0.2829 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.0.2829 - CyberLink Corp.) Hidden
DAX (HKLM-x32\...\DAX) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigitalPersona Personal 4.01 (HKLM\...\{FC09380E-74BE-41F5-8353-E97113969040}) (Version: 4.02.3769 - DigitalPersona, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Exact Audio Copy 0.99pb5 (HKLM-x32\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
FireArc Arcade (HKLM-x32\...\{8CA9D491-BBEC-4DC7-AC89-1D57640CC8D4}) (Version: 0.3.14 - FireArc.com)
Foto Paradies (HKLM-x32\...\Foto Paradies) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.0.1110 - Foxit Corporation)
Free YouTube Download version 3.2.5.628 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.5.628 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FreePDF XP (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPL Ghostscript 8.62 (HKLM\...\GPL Ghostscript 8.62) (Version:  - )
HASP Gerätetreiber (HKLM-x32\...\HASP Gerätetreiber) (Version:  - )
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{774C0434-9948-4DEE-A14E-69CDD316E36C}) (Version: 4.6.0003 - SweetIM Technologies Ltd.) <==== ATTENTION
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013F0}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Knowledge Xpert (HKLM-x32\...\Knowledge Xpert) (Version: 10.0.0.0 - Quest Software)
Knowledge Xpert (x32 Version: 1.0.84 - Quest Software) Hidden
Knowledge Xpert for PLSQL V8.6 (HKLM-x32\...\Knowledge Xpert for PLSQL V8.6) (Version: 8.0 - Quest Software)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Magellan Communicator (HKLM-x32\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (x32 Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
MakeMsi (HKLM-x32\...\{F000C8AC-F00D-4EE4-923E-D8971B86E6EC}) (Version: 11.0.323.0000 - Dennis Bareis)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Lync 2010 Attendee (HKLM-x32\...\{44228375-A198-489B-B90F-F88A1A78D5F5}) (Version: 4.0.7577.4109 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Project MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Miranda IM 0.10.10 (HKLM-x32\...\Miranda IM) (Version: 0.10.10 - Miranda IM Project)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multifunction Network Server  (HKLM-x32\...\{17DEA3ED-86EA-4D28-849C-20CB030F4963}) (Version: 1.92 - Ihr Firmenname)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.89.0 - Nokia)
Nokia Suite (x32 Version: 3.3.89.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.8.7 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
OutlookAddInNet3Setup (HKLM-x32\...\{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}) (Version: 1.0.0 - Samsung)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0827 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plus-HD-2.2 (HKLM-x32\...\Plus-HD-2.2) (Version: 1.28.153.1 - Plus HD) <==== ATTENTION
PokerTH (HKLM-x32\...\PokerTH 1.0.1) (Version: 1.0.1 - www.pokerth.net)
Proleis3 (HKLM-x32\...\{212447CC-9A84-4570-B5E7-8DA6748AF891}) (Version: 1.0.0 - ID GmbH)
Quest Application Integration Tool (HKLM-x32\...\{639DED6D-3C08-4E63-A560-11E317BFD3B6}) (Version: 1.0.5 - Quest Software)
Quest Installer (HKLM-x32\...\Quest Installer) (Version:  - )
Quest Software Toad Data Modeler 3 (HKLM-x32\...\{D7519A32-4784-41B5-83FA-B6067C24B031}) (Version: 3.1.5 - Quest Software, Inc.)
Quest Software Toad for Oracle Version 8.6 (HKLM-x32\...\Quest Software Toad for Oracle Version 8.6) (Version:  - )
Quest SQL Optimizer 7.3 for Oracle (HKLM-x32\...\{FFE5B5D3-DEA8-4EF0-8FE5-56C206EAACEE}) (Version: 7.3.678 - Quest Software)
Quest SQL Tuning for Oracle (HKLM-x32\...\Quest SQL Tuning) (Version: SQL Tuning - Quest Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 1.3.3 - Dell Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
RedMon - Druckeranschluß-Umleitungsmonitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Remote Desktop Manager (remove only) (HKLM-x32\...\RemoteDesktopManager) (Version:  - )
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die! (HKLM-x32\...\Episode 104 - Abe Lincoln Must Die!) (Version: 1.1.0.0-free - Telltale Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Schichtplaner 4 (Testversion) (HKLM-x32\...\Schichtplaner 4 (Testversion)_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skat XXL (HKCU\...\Skat XXL) (Version:  - )
Skat24sv (HKLM-x32\...\ST5UNST #1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Mobile Update Service (HKLM-x32\...\Update Service) (Version: 2.12.15.18 - Sony Mobile Communications AB)
Sony PC Companion 2.10.165 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.165 - Sony)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotlight on Oracle (HKLM-x32\...\{DA387D5E-3173-414D-9E1E-A7F248EDDD6A}) (Version: 4.5.2 - Quest Software)
SpyHunter (HKLM\...\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}) (Version: 4.14.5.4268 - Enigma Software Group USA, LLC)
SweetIM for Messenger 3.7 (HKLM-x32\...\{7683B745-6060-41FD-AA75-0BBB383FEAD4}) (Version: 3.7.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TEBIS V3.5 R1 (HKLM-x32\...\{0B594B2A-6397-4855-B6C2-AB7CADCCB4C0}) (Version:  - )
TK-France-Wanderwege (HKLM-x32\...\TK-France-Wanderwege) (Version:  - )
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Toad for Oracle (HKLM-x32\...\{0AE70750-326E-4763-947F-ED86CB7BA3AA}) (Version: 9.6 - Quest Software, Inc.)
tools-freebsd (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-linux (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-netware (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-windows (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
TortoiseSVN 1.6.12.20536 (32 bit) (HKLM-x32\...\{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}) (Version: 1.6.20536 - TortoiseSVN)
TortoiseSVN 1.6.12.20536 (64 bit) (HKLM\...\{818AA386-29D5-4DFF-BBB5-3F16133F1409}) (Version: 1.6.20536 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
UltraVNC 1.0.6.5 (HKLM\...\Ultravnc2_is1) (Version: 1.0.6.5 - 1.0.6.5)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.0 (HKLM-x32\...\{FB697452-8CA4-46B4-98B1-165C922A2EF3}) (Version: 1.0.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.1.3.14951 - VMware, Inc)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.1.27038 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.1.27038 - VMware, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Kaba CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\6F6C771794E23FC61082986CD1F15F9CDC4260AB) (Version: 10/22/2009 2.06.00 - Kaba)
Windows-Treiberpaket - Kaba CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\DD4F173311C1690CE99C3DADF50136065DC38107) (Version: 10/22/2009 2.06.00 - Kaba)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WYSIWYG Web Builder 7  (HKLM-x32\...\WYSIWYG_Web_Builder_7) (Version:  - )
XnView 1.97.8 (HKLM-x32\...\XnView_is1) (Version: 1.97.8 - Gougelet Pierre-e)

==================== Restore Points  =========================

02-06-2014 08:56:53 Geplanter Prüfpunkt
02-06-2014 15:53:11 Windows Update
03-06-2014 14:46:37 Installed Ad-Aware
03-06-2014 14:47:03 Installed Ad-Aware
05-06-2014 07:18:59 Installed Ad-Aware
05-06-2014 07:20:08 Installed Ad-Aware

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-13 11:26 - 00000990 ____A C:\Windows\system32\Drivers\etc\hosts
10.4.36.186                id-nt
10.6.50.186                subversion.idgmbh.de
11.4.36.53                ideb003
10.6.50.186                IDEX2010
10.6.50.186                IDEX2010.IDGMBH.local


==================== Scheduled Tasks (whitelisted) =============

Task: {0F2730D4-8B06-4B81-ADAE-F9DF1847D39A} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-08-23] (Plus HD) <==== ATTENTION
Task: {38B458E5-0B4D-41AF-BE54-1EBD11E880F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001UA => C:\Users\switte\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {3C70AA24-3561-4BF0-B118-E3C2A5E5AF62} - System32\Tasks\{BA63124B-2F3C-4204-B622-A4B5F6557CAB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {6CBE7F14-D8F8-449C-A451-B2C26CB89312} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25] (Google Inc.)
Task: {718D39DA-16D5-4BE2-9254-2599F02B4B09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25] (Google Inc.)
Task: {7DAC6626-F111-4057-918B-BC8AFA5399BB} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe <==== ATTENTION
Task: {8FC8DD5F-15AF-4537-BBD9-6C67640F0C59} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe <==== ATTENTION
Task: {94F49E9E-0E43-473B-AB24-6C8887DFB8E0} - System32\Tasks\{1316D737-74D5-4A9A-9E92-E923B7B205AB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {CCD94416-B1D9-408A-9844-5A6BF9D2C22B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001Core => C:\Users\switte\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {D35B12B4-00FF-47E9-8881-EDA87536391E} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-08-23] (Plus HD) <==== ATTENTION
Task: {E8E07ECE-BCAD-408C-9F09-AD22E702D483} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe <==== ATTENTION
Task: {E9745680-4C31-4712-B77A-969FBCDA5EA0} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28] (Lavasoft Limited                                                      )
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001Core.job => C:\Users\switte\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001UA.job => C:\Users\switte\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\scheiss.job => C:\oracle\ora81\bin\EXP.EXE
Task: C:\Windows\Tasks\swz_PROD_DUMP.job => C:\oracle\ora81\bin\EXP.EXE

==================== Loaded Modules (whitelisted) =============

2011-02-09 15:50 - 2005-03-12 02:07 - 00087552 _____ () C:\Windows\System32\redmonnt.dll
2005-10-23 00:35 - 2005-10-23 00:35 - 04431872 _____ () C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
2009-10-20 17:02 - 2009-10-20 17:02 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-10-09 01:45 - 2009-07-22 14:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2010-05-07 09:12 - 2010-05-07 09:12 - 00265216 _____ () C:\app\switte\OpenVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
2011-05-30 16:55 - 2011-05-30 16:55 - 04910592 _____ () C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
2010-10-09 01:45 - 2009-11-30 05:41 - 00059904 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2009-03-27 05:36 - 2009-03-27 05:36 - 01489408 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\LIBEAY32.dll
2009-03-27 05:37 - 2009-03-27 05:37 - 00318464 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\SSLEAY32.dll
2010-12-09 12:51 - 2007-09-07 15:23 - 00471040 _____ () c:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR.exe
2010-12-09 12:57 - 2007-10-03 16:09 - 00163840 _____ () c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe
2012-05-14 12:31 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-06-25 19:41 - 2010-06-25 19:41 - 00094544 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
2011-11-13 23:55 - 2011-11-13 23:55 - 11839488 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2013-08-23 13:47 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-12-09 13:00 - 2007-09-06 06:48 - 00057344 _____ () c:\app\switte\oracle\product\11.1.64\BIN\onsclient.dll
2011-11-13 23:43 - 2011-11-13 23:43 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00591232 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:B606BA34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9 #3
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 03:50:47 PM) (Source: OracleDBConsoleIDGMBH) (EventID: 4) (User: )
Description: Process exited abnormally during initialization.

Error: (06/05/2014 09:22:51 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/05/2014 09:22:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/05/2014 09:22:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/05/2014 09:05:59 AM) (Source: OracleDBConsoleIDGMBH) (EventID: 4) (User: )
Description: Process exited abnormally during initialization.

Error: (06/05/2014 09:01:32 AM) (Source: OracleDBConsoleIDGMBH) (EventID: 4) (User: )
Description: Process exited abnormally during initialization.

Error: (06/05/2014 08:58:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706b5, Die Schnittstelle ist unbekannt.
.

Error: (06/05/2014 08:58:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x800706b5, Die Schnittstelle ist unbekannt.
]

Error: (06/04/2014 07:37:08 PM) (Source: OracleDBConsoleIDGMBH) (EventID: 4) (User: )
Description: Process exited abnormally during initialization.

Error: (06/04/2014 02:57:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.


System errors:
=============
Error: (06/10/2014 03:50:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "OracleDBConsoleIDGMBH" wurde mit folgendem dienstspezifischem Fehler beendet: %%2.

Error: (06/10/2014 03:50:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OracleMTSRecoveryService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/10/2014 03:50:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OpenVPN Access Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/10/2014 03:48:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2014 09:19:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Andrea ST Filters Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/05/2014 09:05:59 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "OracleDBConsoleIDGMBH" wurde mit folgendem dienstspezifischem Fehler beendet: %%2.

Error: (06/05/2014 09:04:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OracleMTSRecoveryService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 09:04:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OpenVPN Access Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/05/2014 09:03:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/05/2014 09:03:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎06.‎2014 um 09:02:32 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (11/08/2012 07:00:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21626 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (09/10/2012 03:03:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 193 seconds with 120 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-09-30 16:53:51.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 16:43:58.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 16:35:51.848
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 16:19:31.794
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 16:08:32.246
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 15:53:30.883
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 15:38:51.554
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-22 12:55:17.167
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 12:55:17.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 12:55:14.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 5942.6 MB
Available physical RAM: 3521.21 MB
Total Pagefile: 11883.33 MB
Available Pagefile: 8090.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.94 GB) (Free:98.35 GB) NTFS
Drive r: () (Network) (Total:72.55 GB) (Free:6.45 GB) NTFS
Drive s: () (Network) (Total:72.55 GB) (Free:6.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FC925462)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Vielen Dank und einen schönen Gru

schrauber 10.06.2014 16:03
hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

jean-pauli 11.06.2014 08:50
Vielen Dank für die Hilfe!!!

Hier das Logfile:

[CODE]
Combofix Logfile:
Code:
ComboFix 14-06-10.01 - switte 11.06.2014  9:02.1.4 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.5943.3431 [GMT 2:00]
ausgeführt von:: c:\users\switte\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Avira Desktop *Enabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Trend Micro Client/Server Security Agent Anti-Spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\users\switte\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
c:\windows\system32\config\systemprofile\AppData\Local\Temp\NEventMessages.dll
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-11 bis 2014-06-11  ))))))))))))))))))))))))))))))
.
.
2014-06-11 07:14 . 2014-06-11 07:14        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-11 07:14 . 2014-06-11 07:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-10 15:14 . 2014-06-11 06:52        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-06-10 14:00 . 2014-06-10 14:07        --------        d-----w-        C:\FRST
2014-06-05 07:20 . 2014-06-11 06:55        --------        d-----w-        c:\programdata\Lavasoft
2014-06-05 07:00 . 2014-06-05 07:02        --------        d-----w-        c:\users\Installs
2014-06-03 14:45 . 2014-06-05 07:13        47496        ----a-w-        c:\windows\system32\sbbd.exe
2014-06-03 14:45 . 2014-06-03 14:45        --------        d-----w-        c:\users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-02 15:53 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B7FADAB-6622-4EE0-A15F-EB4FA890C9EA}\mpengine.dll
2014-05-27 12:28 . 2014-05-27 12:28        --------        d-----w-        c:\programdata\Citrix
2014-05-27 12:28 . 2014-05-27 12:28        1356664        ----a-w-        c:\windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 12:28 . 2014-05-27 12:48        --------        d-----w-        c:\users\switte\AppData\Roaming\ICAClient
2014-05-27 12:28 . 2014-05-27 12:28        --------        d-----w-        c:\users\switte\AppData\Local\Citrix
2014-05-27 12:28 . 2014-05-27 12:28        --------        d-----w-        c:\program files (x86)\Citrix
2014-05-27 12:23 . 2014-05-27 12:23        1161080        ----a-w-        c:\windows\SysWow64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 12:19 . 2010-03-15 10:31        165376        ----a-w-        c:\windows\SysWow64\unrar.dll
2014-05-27 12:18 . 2014-05-27 12:18        --------        d-----w-        c:\programdata\Registry Helper
2014-05-27 12:17 . 2014-05-27 13:28        --------        d-----w-        c:\programdata\SearchDonkey
2014-05-20 10:50 . 2014-05-20 10:50        --------        d-----w-        c:\program files\7-Zip
2014-05-20 07:36 . 2014-05-21 10:31        --------        d-----w-        C:\ProLeiS3
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-05 07:13 . 2013-08-23 10:27        14456        ----a-w-        c:\windows\system32\drivers\gfibto.sys
2014-05-15 13:04 . 2010-10-20 08:36        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 07:35 . 2010-10-14 19:02        270496        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2005-05-27 147456]
"openvpn-gui"="c:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe" [2010-05-07 265216]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"KCodes UDS Control Center"="c:\program files (x86)\Assmann\USB Device Server\Control Center.exe" [2011-05-30 4910592]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1705296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 BMFMySQL;BMFMySQL;c:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe;c:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\app\switte\OpenVPN\core\capiws.exe;c:\app\switte\OpenVPN\core\capiws.exe [x]
R2 OracleDBConsoleIDGMBH;OracleDBConsoleIDGMBH;c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe;c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe [x]
R2 OracleOraDb11g_home2TNSListener;OracleOraDb11g_home2TNSListener;c:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR ;c:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR  [x]
R2 OracleVssWriterIDGMBH;Oracle IDGMBH VSS Writer Service;c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe IDGMBH;c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe IDGMBH [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 AssmannUDSTcpBus;AssmannUDSTcpBus;SysWOW64\Drivers\AssmannUDSTcpBus.sys;SysWOW64\Drivers\AssmannUDSTcpBus.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 Oracle8iClientCache;Oracle8iClientCache;c:\app\switte\oracle\product\BIN\ONRSD.EXE;c:\app\switte\oracle\product\BIN\ONRSD.EXE [x]
R3 OracleDEFAULT_HOMEClientCache;OracleDEFAULT_HOMEClientCache;c:\oracle\ora81\BIN\ONRSD.EXE;c:\oracle\ora81\BIN\ONRSD.EXE [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 OracleJobSchedulerIDGMBH;OracleJobSchedulerIDGMBH;c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe IDGMBH;c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe IDGMBH [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 OracleServiceIDGMBH;OracleServiceIDGMBH;c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE IDGMBH;c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE IDGMBH [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AssmannUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\AssmannUDSMBus.sys;SysWOW64\Drivers\AssmannUDSMBus.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy-Dienst;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 11:33]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 11:33]
.
2014-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001Core.job
- c:\users\switte\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 19:05]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090607797-461681864-3531138898-1001UA.job
- c:\users\switte\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 19:05]
.
2014-06-11 c:\windows\Tasks\Plus-HD-2.2-codedownloader.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-08-23 09:55]
.
2014-06-11 c:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-08-23 09:55]
.
2013-04-09 c:\windows\Tasks\scheiss.job
- c:\oracle\ora81\bin\EXP.EXE [2000-11-05 20:27]
.
2013-04-09 c:\windows\Tasks\swz_PROD_DUMP.job
- c:\oracle\ora81\bin\EXP.EXE [2000-11-05 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        99080        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 414744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-24 16416360]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-10-08 5712896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 172.16.2.23:8080
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.4.36.104 10.4.36.100
TCP: Interfaces\{6F492E79-597B-42E2-BB2C-979E0743CB83}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DC0F0ABD-B6BC-49A6-9F0E-549159AD00A8}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Toolbar-Locked - (no file)
BHO-{11111111-1111-1111-1111-110311301136} - c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Ad-Aware SE Personal - c:\progra~2\Lavasoft\AD-AWA~1\UNWISE.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DAX - c:\windows\IsUn0407.exe
AddRemove-HASP Gerätetreiber - c:\windows\system32\UNWISE.EXE
AddRemove-Knowledge Xpert - c:\program files\quest software\Quest Installer\qi.exe
AddRemove-Knowledge Xpert for PLSQL V8.6 - c:\app\QUESTS~1\KNOWLE~1\PLSQL\UNWISE.EXE
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home2TNSListener]
"ImagePath"="c:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1090607797-461681864-3531138898-1001\Software\AppDataLow\SOFTWARE\MarkAny\ContentSAFER\DomainProfiles\* C*]
"profile"="40A60F00C5321883FA723A21F5CE49A381FF37CD2BD2289B46F7000848B9B64786BBBAFD32A28BE981B4647D37E1882AE4F7E3ACA1C6D2A8DEDADCF60C06203221952AF7AEA71B6899B3E7705B46A2850B853334D2C7AEB26318B82CEEED015F38C33B039B19BFF8C77767ED99DBDD98A7EF023995CE6FE244294983A8E6D324ADB81AE9C9FB96A13A3AC971457D4D9215AB7A39E64D5B0EF71C44D722FEF6E5A33F069614A27C91E9D0790E8714AE1F7EB88E9CC46A9F954141EF9A5B6E9568A71EDE91F6EB1A19EF99E54D16C34085C8B9454BF321249BE422BD71C1142FF0F86F745E073CFD52B0545155B0FCBBB2C6C00B38C0253B6F1A2D47850E9FE663B2D4389ACFC93114A85D4A2EE0C4662FB880C0E73D13F5D60836F8D70084D85218A899AE37EA14AF826DDFCDE776ED0DB03D31FE7547DB31CDBA911EB57415FE268A6924DE537B571BB235404FB5F8A83FE3864B588569DDE9EA83A030C754D921A58EF6DC8223AAB8CD69B47FDDCD04BEDB220B6D8DBE1519737DE36B9DAF8F3951A84F8D412518B42AB855F47B3692551E2C4DB88EB5A557491F1FB7851C4E010237198C43B4601CA6413590397DE0FB439DB8AB0E86983FFCAB78E8D9138402E3225304ECC69B133E0F991E7F4ED866C2AF3360C3F13FF13B0C57A231953EFBFBB8A6F9065249CB431C0EE416C6E1BC969962C47AC76D1B9AB10F388BFF400F1C128819FB6B67D2C421A195E1B406EC764A89175D863942B6725FF68DA4310BF62C25D65AEB3CD11530CEA7DDE72988439833B3ACD7981791301AF208193DB4D1AC0B0FA1332C1026DF7CA613BF8E7BCAFA710D334CC6692808F02A44209DA6CE143689F24177D653BCAB0E531AE484E903487C7F608A37AD333B32BB069E924AAD4E95E2D33E3E7700863E2B5F900E0270D90D9DEBC7844220CF46095635D4765C6F110FCEFA813B44A1445A433FAAC074A0E53121E09314FEF99D7135105301EFC6E486D284AB9A8CDF30929C634EDAB7737C8A373D5F18ABF2F0BA2C0FE4E89DFEEEA8859785E84DB65AC1328678127CCC82FA08BAD3080571A1FAE909DBF1BC126607BFBD369BB41064F476C7D415146D1C840E4B4890322C47D4296E9F62E60EB8F53C0C1E8DE7A01AA7D0D89805AC8666F0C7AABEA152B364AD2E708E6484B4E93139A04C837B32E6C5A147422ED704BBDF055BBB024F2D22642CEBECAE7ACC8E4156DC04A716408354D62C2B75BA440861ECB3630AFA2EB521C83F3750DE9338C10B4250607733041B4CBCB778427DF662073F416E0A8B556233A6AB9E8ADFCFC449C8C7C2CF5D1C1B26A6CBB06DF11C9C95BFF395816CF01F8EAAEDFDB3E95B5889622FF95A69CBFE6E94E7295307F15C68534632C26D1E54D869DB2D3CC7031DA20089072C6A518526D34EDAB7737C8A373D5F18ABF2F0BA2C0F1311E06B616F0206BC6B3F7351473A8593004CF4A643910D108F054986600CA8EDFDB3E95B5889622FF95A69CBFE6E94269F872DBA650AE9C0416370225559E6433E57E44BBD451110092BA454A978D19462CF91E30FF2EDBB6E7D9358702791EDFDB3E95B5889622FF95A69CBFE6E944207B59775739BD8E9A5E8DC9E787C2BB2D4389ACFC93114A85D4A2EE0C4662FB880C0E73D13F5D60836F8D70084D85257495EE7727795240C61298F2077F16AACA65A7B9B1C28EE0B428932CC95627EC86E86DB3082034EAE15FA5DA81CD33CAC36AE36EF2DD45BB50CB4A2214CBF758744D9D181313910230D734F6F49B24954D96912A4624333841BAE2EE97E66D246B01644FCBF1090D19558BDD9BA79B4AC36AE36EF2DD45BB50CB4A2214CBF75E0D9C78CB8E627467DD212DBD6B59AEEFC32AA6296980261A3B827F89860FFDA299751BA9848CAD706ED536B9C00FA2E41C124FD0822DC917AB3F33B4656DD253BEB5C27C099BC0F376A3145B412CB5CEDFDB3E95B5889622FF95A69CBFE6E9450F71274E461D9964EEC43722D8B4AA34B3A8FD34AC77B08F117FD45C23CDA3F811D076BE115DB9986BBCCC5B37B83DC1E8868296E0921A338F1BD2DA717DE0CE3669DEBB7C1EC410F81F7F8ABF556C463D612AB0AE8995DFC14BE3EEB814661ED9387C4740EF7A92B9D8C327611C46DBFAC9924259490CE5172D3B7EEBFF8A0EDFDB3E95B5889622FF95A69CBFE6E94E3238AAA1F0D40AA3AE65447536C7514FEB3597816C430E7D342C07A662F0F23EDFDB3E95B5889622FF95A69CBFE6E9404BE98F5A3B944C25A7D37C39554B6A9D0C86C59304670378D928D5CFCB77EE19026F1321475971DD868D4684432C929F11D397728D3120D36A4565DE39E8483DC4CCCCA20C58E4AD6E91768DBED1AE5B23600003D2D70DD3621920252CEE481EDFDB3E95B5889622FF95A69CBFE6E9484E903487C7F608A37AD333B32BB069EEDFDB3E95B5889622FF95A69CBFE6E94924AAD4E95E2D33E3E7700863E2B5F900E0270D90D9DEBC7844220CF46095635EDFDB3E95B5889622FF95A69CBFE6E94444A1DAABC90510C79D560AD800CCDF75CA3526455AB8EB3551D86A5E33CB2B6EDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E94DB9CCDB20D4DF79905BF45690EAB237931848ED36E49BBBA55BC1A9DF71D4F7E3D84058F146092D4721E11F8B80768EDEDFDB3E95B5889622FF95A69CBFE6E9441330EFAE65C921E6189C60352B18C68637946006C0690F5323D5BC4B158258AEDFDB3E95B5889622FF95A69CBFE6E94A0EFAD3240A974932CCE81350A9836D243488A5715CD37C212C5F833C37AE82475FA45E130D7FEF0AF247192A3ABC3591D42C5C77C12490D315642564B1A27A28ACCED825A18DFAE2EF06A1AF50189FBFD7157228620110633D080AF395718BE210C2FF3B70464F719E078133A0EBD2CFE3231733854C7D44D25EFB37507FD0415ADD03855A7D772C055FCEEEDE51815AC36AE36EF2DD45BB50CB4A2214CBF75EDFDB3E95B5889622FF95A69CBFE6E94B0268AC2386F00B4B70F4E4821FEBB0FEDFDB3E95B5889622FF95A69CBFE6E947F2C7C524F723C52B54CB96678899403EDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E94C4E729972F307E6352C63212A0966BA421C933E99EC51462982A88583AFF97F2EDFDB3E95B5889622FF95A69CBFE6E948FAF25E439C45191C7C02941F440190A6DB30118535FD407630CC7E81BD9308FAD0389B9915A3C3D318B2B7A8AF6FC2D8CF4FED3E82FFB8A9F6FC1D2D3337753EDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E9482F756E81C7FBA904FB7CA77B14CE806EDFDB3E95B5889622FF95A69CBFE6E94924AAD4E95E2D33E3E7700863E2B5F90A91FE63FB1C76630B8E65407DA818BDF6B3E187E2D7E61710E925542104F8273DF2BA1FE26F3448CA2F289952CC47F95AC36AE36EF2DD45BB50CB4A2214CBF75EDFDB3E95B5889622FF95A69CBFE6E94B0268AC2386F00B4B70F4E4821FEBB0FEDFDB3E95B5889622FF95A69CBFE6E947F2C7C524F723C52B54CB96678899403EDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E94C4E729972F307E6352C63212A0966BA4A5C7BEFF5E89546505AE90D622FAD0F2663B879FDB5B64E0A30688766F6944AE4BD3802E4400469B6C63D5F6CB26177EEDFDB3E95B5889622FF95A69CBFE6E948B451AEDB568D4B9872052D53C981BB7C228C82843E61C4F030750B40CBDCB225923B0480352BBF77A3BE64EE732008CEDFDB3E95B5889622FF95A69CBFE6E944F19BF66B5E15C239BB2851249C674ED95125E6DB83949E8B5D0F6750D3D87E222C2359CBAE095E39DADDAEE47508DA8C4C9BA28FFF814CE7A965D8C61A6401B8BDFC0746F984CF522C1F67B8FB518CC0A4C541D9EF538D2AAB0DE1D0B8C1DB9EDFDB3E95B5889622FF95A69CBFE6E9441330EFAE65C921E6189C60352B18C68637946006C0690F5323D5BC4B158258AEDFDB3E95B5889622FF95A69CBFE6E9485C4D1C17704D659B5825A9F358F3A3FEDFDB3E95B5889622FF95A69CBFE6E94BAB4E4A538FCA6A744E59A6D80CA82B6EDFDB3E95B5889622FF95A69CBFE6E94C9764A31593A2B57FD21600B7164C25EEDFDB3E95B5889622FF95A69CBFE6E946AA484F46207ECC13D99877D19FC03188B451AEDB568D4B9872052D53C981BB7DF42ADBEFEB2D746AC32C2F285C1057DA6E1F2A86DA8E82CDDCAD6488E6EC11EF5B5F79F214129879C7426123AB167398B55BFBBA273563D7EADC314367D6153AF19FA55E2B74D69E95B692B2AF95E70E4BB26AF73DEAA08387DAE97ADB5137BB5A921DE80B201D36793F17DB93535FC55C62D105976835FC39A08304B79CA9AE35AAD8F5AFDEA1F849328D83ADD442DCCB124028E451984EC94EE9D6B9263BE637946006C0690F5323D5BC4B158258AA0EFAD3240A974932CCE81350A9836D2F76A2A17864A785F745FFCEEA122FC4971D84E3095D69EBAF0C133A70DE742321A0C00D42828D6B5351D8B0242A6EF5FD1E921A4312632A142E55E5CC4C60A282EFB386C0F76691C4EEFCFE4A55FB2623A3AEB2EC6C5CA1A737A54C536125D8F5809784168A5205024916B42D19988B6637946006C0690F5323D5BC4B158258AA0EFAD3240A974932CCE81350A9836D20B64F34D175DC2A68CACEB909EEF67CA71D84E3095D69EBAF0C133A70DE742321A0C00D42828D6B5351D8B0242A6EF5FD1E921A4312632A142E55E5CC4C60A282EFB386C0F76691C4EEFCFE4A55FB2623A3AEB2EC6C5CA1A737A54C536125D8F5809784168A5205024916B42D19988B6637946006C0690F5323D5BC4B158258AA0EFAD3240A974932CCE81350A9836D2AEA067CB84ABB81237633FF0C16DD0BF71D84E3095D69EBAF0C133A70DE742321A0C00D42828D6B5351D8B0242A6EF5FD1E921A4312632A142E55E5CC4C60A282EFB386C0F76691C4EEFCFE4A55FB2623A3AEB2EC6C5CA1A737A54C536125D8F5809784168A5205024916B42D19988B6637946006C0690F5323D5BC4B158258A85C4D1C17704D659B5825A9F358F3A3F0C22405ED1A4DA363CA4D010FBA46579EDFDB3E95B5889622FF95A69CBFE6E94370892E41D73F292A2C988B6DF5800AB637946006C0690F5323D5BC4B158258A84A6BED2C2575EEDFCD104117F43177C07659D31018D2D9B1ED1056E61025A0BF2F71661CF6B1E9BD3405089DF0EEA78AEB65285258C3D291A748D97A915A67BBF72C1CA4E2FB4A5E05A6E0A3F819E8CEDFDB3E95B5889622FF95A69CBFE6E94B2CBA73E853FDFB0BE83A4B143099661EDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E948AA297C7826B25321C46550E6FDB4D6EEDFDB3E95B5889622FF95A69CBFE6E9468A69505C322C062696EA472AD2BE38D0EDED3EB902BE63D33749F1FFEF9ECDF71D84E3095D69EBAF0C133A70DE742321A0C00D42828D6B5351D8B0242A6EF5FD1E921A4312632A142E55E5CC4C60A282EFB386C0F76691C4EEFCFE4A55FB2623A3AEB2EC6C5CA1A737A54C536125D8F5809784168A5205024916B42D19988B6637946006C0690F5323D5BC4B158258AEDFDB3E95B5889622FF95A69CBFE6E94A0EFAD3240A974932CCE81350A9836D275C3D42E34A50D22112F336E78D5EBDDEDFDB3E95B5889622FF95A69CBFE6E94EDFDB3E95B5889622FF95A69CBFE6E940C6C69073C696D6720737263"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-11  09:41:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-11 07:41
.
Vor Suchlauf: 36 Verzeichnis(se), 103.710.003.200 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 118.600.085.504 Bytes frei
.
- - End Of File - - 2EC32A2C8A3D38436720394A228DE4FF
--- --- ---


schönen Gruß

schrauber 12.06.2014 05:53
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

jean-pauli 12.06.2014 10:35
Hi
NOchmal vielen Dank für die Hilfe - hier die gewünschten Logs:

mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.06.2014
Suchlauf-Zeit: 10:47:13
Logdatei: 3.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: switte

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328426
Verstrichene Zeit: 14 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 104
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b40af5b0ca072f15eef57fb34f7a86],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b40af5b0ca072f15eef57fb34f7a86],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [66e3cc33b0cae551a5062d124db5d42c],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [66e3cc33b0cae551a5062d124db5d42c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [2e1be31c1b5f3ef8a6c30f652ad8d32d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [301906f93b3fdc5a5219152c2ad8c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [7ecbd32ca0dab58190a2208cc24155ab],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [9aaf3fc0c3b7cb6bc66c525ad2318c74],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [1435fa055624350187afcce057acc739],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [15343cc3186286b0ca6c4d5f8b7837c9],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [c584c53aadcda19569553f6c867dfc04],
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\DealPlyLive, Löschen bei Neustart, [064355aa8ceedd590731783450b3bd43],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1090607797-461681864-3531138898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.2, Löschen bei Neustart, [a8a14ab59edcd75f04b947487b8750b0],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311301136}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311301136}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344304436}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355305536}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366306636}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355305536}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366306636}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344304436}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKU\S-1-5-21-1090607797-461681864-3531138898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311301136}, Löschen bei Neustart, [1d2c3ec12654ba7c02ff4ce6ed171ae6],

Registrierungswerte: 2
PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983, In Quarantäne, [e56415ea6b0f1422b1756f3f748f2cd4]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D9471B7B-F0EF-11E1-B31B-005056C00008}, In Quarantäne, [c584c53aadcda19569553f6c867dfc04]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 14
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{52B30197-65F0-4326-9CCA-27F2D8AAB8C1}, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Users\switte\AppData\Local\DealPlyLive, In Quarantäne, [c287f30c39413ff7d0d9add90ef4c53b],
PUP.Optional.DealPly.A, C:\Users\switte\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [c287f30c39413ff7d0d9add90ef4c53b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],

Dateien: 81
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.OneClickDownloader.A, C:\Users\switte\Downloads\FTDownloader_setup(18_4)_ch (1).exe, In Quarantäne, [95b4aa557505a78ffdfa2132966b728e],
PUP.Optional.OneClickDownloader.A, C:\Users\switte\Downloads\FTDownloader_setup(18_4)_ch.exe, In Quarantäne, [56f3fd0202780b2bfef93122ba4708f8],
Hacktool.Agent, C:\Users\switte\Downloads\Loader (W-7).rar, In Quarantäne, [f851728d71091e18b71b7912867b39c7],
PUP.Optional.Bandoo, C:\Users\switte\Downloads\iLividSetup-r390-n-bc.exe, In Quarantäne, [56f316e93c3e57df4f54d378fe03ea16],
PUP.Optional.BundleInstaller.A, C:\Users\switte\Downloads\Java.exe, In Quarantäne, [de6b09f6e59511255724dbacc63b14ec],
PUP.Optional.OpenCandy, C:\Users\switte\Downloads\winamp5622_full_emusic-7plus_de-de.exe, In Quarantäne, [0d3cfc03c8b284b28660bb96e420a45c],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\33036.crx, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\33036.xpi, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Installer.log, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-helper.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2.ico, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],

Physische Sektoren: 0
(No malicious items detected)


(end)

awdcleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 12/06/2014 um 11:12:08
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzername : switte - SARDELLE
# Gestartet von : C:\tauschen\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Datei Gelöscht : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v5.0 (de)

[ Datei : C:\Users\switte\AppData\Roaming\Mozilla\Firefox\Profiles\iknf3a13.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : oejkcgajlodefenbbjdnaiahmbnnoole

*************************

AdwCleaner[R0].txt - [7443 octets] - [12/06/2014 11:10:46]
AdwCleaner[S0].txt - [7179 octets] - [12/06/2014 11:12:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7239 octets] ##########
--- --- ---



jrt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by switte on 12.06.2014 at 11:19:49,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1090607797-461681864-3531138898-1001\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\searchdonkey"
Successfully deleted: [Folder] "C:\Users\switte\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\switte\AppData\Roaming\software"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2014 at 11:26:30,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
[CODE]

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by switte (administrator) on SARDELLE on 12-06-2014 11:27:28
Running from C:\Users\switte\Desktop
Platform: Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR.EXE
(Oracle Corporation) C:\app\switte\oracle\product\11.1.64\BIN\oracle.exe
() C:\app\switte\oracle\product\11.1.64\BIN\oravssw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\app\switte\OpenVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Stoic Joker's Network) C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
() C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-08] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-25] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-10-09] (Dell Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-13] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-14] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [147456 2005-05-27] (shbox.de)
HKLM-x32\...\Run: [openvpn-gui] => C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KCodes UDS Control Center] => C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [4910592 2011-05-30] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1705296 2010-06-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {434883DB-E43C-4C66-BF09-FDAD12DB7BDD} URL =
SearchScopes: HKCU - {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\app\Quest Software\Toad for Oracle\RNetPin.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.4.36.104 10.4.36.100
Tcpip\..\Interfaces\{6F492E79-597B-42E2-BB2C-979E0743CB83}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DC0F0ABD-B6BC-49A6-9F0E-549159AD00A8}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\switte\AppData\Roaming\Mozilla\Firefox\Profiles\iknf3a13.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\app\switte\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\switte\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012-05-24]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-05-24]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010-10-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Picasa) - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (Instant Retro) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2011-09-16]
CHR Extension: (Google Wallet) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 BMFMySQL; C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [4431872 2005-10-23] () [File not signed]
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-13] (DigitalPersona, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-12] (Macrovision Europe Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1835912 2010-06-22] (Trend Micro Inc.)
S3 OpenVPNService; C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
S2 OracleDBConsoleIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation) [File not signed]
S3 OracleDEFAULT_HOMEClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [411244 2000-10-19] () [File not signed]
S4 OracleJobSchedulerIDGMBH; c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe [102400 2007-10-03] () [File not signed]
R2 OracleOraDb11g_home2TNSListener; c:\app\switte\oracle\product\11.1.64\ [0 ] () [File not signed]
R2 OracleServiceIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation) [File not signed]
R2 OracleVssWriterIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe [163840 2007-10-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2057096 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [595960 2009-07-16] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917768 2009-07-16] (Trend Micro Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-10-09] (Dell Inc.) [File not signed]
S2 OpenVPNAccessClient; C:\app\switte\OpenVPN\core\capiws.exe [X]
S3 Oracle8iClientCache; c:\app\switte\oracle\product\BIN\ONRSD.EXE [X]
S2 OracleMTSRecoveryService; c:\app\switte\oracle\product\11.1.0\bin\omtsreco.exe "OracleMTSRecoveryService" [X]

==================== Drivers (Whitelisted) ====================

R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [100448 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [165472 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-06-05] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [9856 2010-12-02] (Padus, Inc.) [File not signed]
S3 PORTMON; C:\Installs\Sysinternals\PORTMSYS.SYS [28656 2014-06-11] (Systems Internals) [File not signed]
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-16] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-07-16] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-16] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2010-05-11] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 11:27 - 2014-06-12 11:27 - 00032870 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:15 - 2014-06-12 11:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-12 11:14 - 2014-06-12 11:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:10 - 2014-06-12 11:12 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\3.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:15 - 2014-06-12 11:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-12 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-12 10:13 - 2014-06-12 10:11 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:06 - 2014-06-11 16:08 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 16:06 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-06-11 16:06 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-06-11 16:06 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-11 16:06 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 08:49 - 2014-06-11 17:27 - 00000000 ____D () C:\Qoobox
2014-06-11 08:48 - 2014-06-11 09:34 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:14 - 2014-06-11 08:52 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-10 17:14 - 2014-06-11 08:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:00 - 2014-06-12 11:27 - 00000000 ____D () C:\FRST
2014-06-10 15:59 - 2014-06-12 11:27 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:20 - 2014-06-11 08:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-05 09:05 - 2014-06-05 09:06 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:02 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-05 09:00 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Installs\Documents\Visual Studio 2010
2014-06-05 09:00 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Installs\AppData\Local\Microsoft Help
2014-06-05 09:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 09:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-05 09:13 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:50 - 2014-06-03 12:51 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-05-27 14:28 - 2014-05-27 14:48 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:19 - 2010-03-15 12:31 - 00165376 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:36 - 2014-05-21 12:31 - 00000000 ____D () C:\ProLeiS3
2014-05-20 09:36 - 2014-05-20 09:37 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp

==================== One Month Modified Files and Folders =======

2014-06-12 11:28 - 2014-06-12 11:27 - 00032870 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-12 11:28 - 2010-10-14 13:50 - 00000000 ____D () C:\Users\switte\AppData\Local\Temp
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:27 - 2014-06-10 16:00 - 00000000 ____D () C:\FRST
2014-06-12 11:27 - 2014-06-10 15:59 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:25 - 2010-10-14 14:15 - 00000000 ____D () C:\Installs
2014-06-12 11:23 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 11:23 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 11:18 - 2014-06-12 10:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:17 - 2010-10-14 20:57 - 00000000 ____D () C:\tauschen
2014-06-12 11:17 - 2010-10-09 02:04 - 00000031 _____ () C:\tmuninst.ini
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:16 - 2014-06-12 11:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-12 11:16 - 2010-10-25 13:00 - 00000000 ____D () C:\Users\switte\AppData\Local\TSVNCache
2014-06-12 11:15 - 2014-06-12 11:14 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:14 - 2010-11-22 12:53 - 00000000 ____D () C:\ProgramData\VMware
2014-06-12 11:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 11:14 - 2009-07-14 06:51 - 00126973 _____ () C:\Windows\setupact.log
2014-06-12 11:13 - 2010-10-08 18:34 - 00851824 _____ () C:\Windows\PFRO.log
2014-06-12 11:12 - 2014-06-12 11:10 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:12 - 2009-07-14 07:10 - 01434912 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\3.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:37 - 2010-11-11 10:18 - 00002064 ____H () C:\Users\switte\Documents\Default.rdp
2014-06-12 10:28 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:11 - 2014-06-12 10:13 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 17:27 - 2014-06-11 08:49 - 00000000 ____D () C:\Qoobox
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:13 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:13 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:08 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:08 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 14:49 - 2013-08-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 14:22 - 2010-10-14 21:05 - 00000000 ____D () C:\Users\switte\AppData\Local\Google
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 11:28 - 2010-10-09 01:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-11 11:25 - 2010-12-09 12:09 - 00000000 ____D () C:\Program Files (x86)\Raize
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:34 - 2014-06-11 08:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:16 - 2009-07-14 04:34 - 29097984 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 100925440 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 02359296 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-11 08:55 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-11 08:52 - 2014-06-10 17:14 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-11 08:52 - 2014-06-10 17:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:04 - 2012-01-11 10:41 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-10 16:04 - 2012-01-11 10:41 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:13 - 2014-06-03 16:45 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-05 09:13 - 2013-08-23 12:27 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-06-05 09:06 - 2014-06-05 09:05 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:02 - 2014-06-05 09:00 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 13:51 - 2010-10-20 12:08 - 00000000 ____D () C:\TEMP
2014-06-04 11:18 - 2010-11-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-04 11:18 - 2010-10-20 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-04 11:04 - 2013-08-23 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
2014-06-04 10:31 - 2010-10-14 13:51 - 00000000 ____D () C:\Users\switte\AppData\Local\VirtualStore
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 10:24 - 2013-08-23 13:47 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 09:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:45 - 2013-08-23 12:30 - 00000000 ____D () C:\Users\switte\AppData\Roaming\LavasoftStatistics
2014-06-03 16:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 16:40 - 2011-05-10 16:37 - 00000179 _____ () C:\Windows\fileinfo.ini
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-03 12:51 - 2014-06-03 12:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Roaming\VMware
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Local\VMware
2014-06-03 11:18 - 2011-01-14 16:09 - 00000033 _____ () C:\Windows\unicon.ini
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-06-02 17:54 - 2010-10-09 02:06 - 00003438 _____ () C:\Windows\TMFilter.log
2014-05-27 14:48 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 16:56 - 2010-10-09 02:04 - 00000000 ____D () C:\ProgramData\Temp
2014-05-22 14:42 - 2010-10-20 09:17 - 00000000 ____D () C:\KUNDEN
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-21 12:31 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3
2014-05-21 08:11 - 2013-03-20 15:46 - 00001639 _____ () C:\Users\Public\Desktop\ProLeiS3.lnk
2014-05-20 17:52 - 2011-01-12 16:28 - 00014837 _____ () C:\Windows\SysWOW64\sqlnet.log
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 12:13 - 2009-07-14 19:58 - 00714260 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 12:13 - 2009-07-14 19:58 - 00154056 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 12:13 - 2009-07-14 07:13 - 01659812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:37 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-19 12:29 - 2011-03-22 15:57 - 00000000 ____D () C:\Users\switte\EurekaLog
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-15 15:09 - 2013-07-23 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 15:04 - 2010-10-20 10:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 10:18 - 2011-04-06 13:53 - 00000000 ____D () C:\IDGmbH
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp

Some content of TEMP:
====================
C:\Users\switte\AppData\Local\Temp\AHOI.exe
C:\Users\switte\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 17:55

==================== End Of Log ============================
--- --- ---


schönen Gruß

schrauber 12.06.2014 11:47

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

jean-pauli 13.06.2014 08:34
HI
Sieht schon alles besser aus: Mein Internet funktioniert wieder! Avira hat sich upgedated, meldet aber immer noch das selbe.
Hier mal die letzten Logs:

Code:
C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll        Variante von MSIL/Adware.PullUpdate.C Anwendung       
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkey.E3E38E2B3C8C.2.6.80.dll        Variante von MSIL/Adware.PullUpdate.C Anwendung       
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkey.exe        Variante von MSIL/Adware.PullUpdate.D Anwendung       
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkeyService.exe        Variante von MSIL/Adware.PullUpdate.A Anwendung       
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\monetizationLoader[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung       
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\retargeting_bi_m[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung       
C:\Installs\eac-0.99pb5.exe        Win32/Adware.ADON evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\TEMP\angelsGB\mailcheck.php        PHP/Agent.NAF Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\switte\Documents\Angels\Homepage\gb\gb\mailcheck.php        PHP/Agent.NAF Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\switte\Documents\Downloads\Integrated_FreewareDE.exe        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Downloads\FreeYouTubeToMP3Converter.exe        Win32/Toolbar.Conduit evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Downloads\FreeYouTubeToMP3Converter31015.exe        Win32/Toolbar.Conduit evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Downloads\setup.exe        Win32/Toolbar.Conduit evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Downloads\SoftonicDownloader_fuer_gimp.exe        Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Users\switte\Eigen\Angels\Homepage\angels\mailcheck.php        PHP/Agent.NAF Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll        Variante von MSIL/Adware.PullUpdate.C Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkey.E3E38E2B3C8C.2.6.80.dll        Variante von MSIL/Adware.PullUpdate.C Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkey.exe        Variante von MSIL/Adware.PullUpdate.D Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\SearchDonkeyService.exe        Variante von MSIL/Adware.PullUpdate.A Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\monetizationLoader[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\retargeting_bi_m[1].js        JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung        gelöscht - in Quarantäne kopiert
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7  x64 (UAC is disabled!) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 13 
 Java(TM) 6 Update 29 
 Java version out of Date!
  Adobe Flash Player 11.6.602.180 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 5.0 Firefox out of Date! 
 Google Chrome 35.0.1916.153 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Trend Micro Client Server Security Agent ntrtscan.exe 
 Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
 Trend Micro Client Server Security Agent tmlisten.exe 
 Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
 Trend Micro Client Server Security Agent TmProxy.exe 
 Trend Micro Client Server Security Agent TmPfw.exe 
 Trend Micro Client Server Security Agent CNTAoSMgr.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by switte (administrator) on SARDELLE on 13-06-2014 09:33:38
Running from C:\Users\switte\Desktop
Platform: Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR.EXE
(Oracle Corporation) C:\app\switte\oracle\product\11.1.64\BIN\oracle.exe
() C:\app\switte\oracle\product\11.1.64\BIN\oravssw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\app\switte\OpenVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Stoic Joker's Network) C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
() C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-08] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-25] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-10-09] (Dell Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-13] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-14] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [147456 2005-05-27] (shbox.de)
HKLM-x32\...\Run: [openvpn-gui] => C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KCodes UDS Control Center] => C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [4910592 2011-05-30] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1705296 2010-06-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-13] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
SearchScopes: HKCU - {434883DB-E43C-4C66-BF09-FDAD12DB7BDD} URL =
SearchScopes: HKCU - {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\app\Quest Software\Toad for Oracle\RNetPin.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.16.2.23 172.16.2.12
Tcpip\..\Interfaces\{6F492E79-597B-42E2-BB2C-979E0743CB83}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DC0F0ABD-B6BC-49A6-9F0E-549159AD00A8}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\switte\AppData\Roaming\Mozilla\Firefox\Profiles\iknf3a13.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\app\switte\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\switte\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012-05-24]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-05-24]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010-10-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Instant Retro) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2011-09-16]
CHR Extension: (Google Wallet) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-13] (Avira Operations GmbH & Co. KG)
R2 BMFMySQL; C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [4431872 2005-10-23] () [File not signed]
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-13] (DigitalPersona, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-12] (Macrovision Europe Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1835912 2010-06-22] (Trend Micro Inc.)
S3 OpenVPNService; C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
S2 OracleDBConsoleIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation) [File not signed]
S3 OracleDEFAULT_HOMEClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [411244 2000-10-19] () [File not signed]
S4 OracleJobSchedulerIDGMBH; c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe [102400 2007-10-03] () [File not signed]
R2 OracleOraDb11g_home2TNSListener; c:\app\switte\oracle\product\11.1.64\ [0 ] () [File not signed]
R2 OracleServiceIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation) [File not signed]
R2 OracleVssWriterIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe [163840 2007-10-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2057096 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [595960 2009-07-16] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917768 2009-07-16] (Trend Micro Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-10-09] (Dell Inc.) [File not signed]
S2 OpenVPNAccessClient; C:\app\switte\OpenVPN\core\capiws.exe [X]
S3 Oracle8iClientCache; c:\app\switte\oracle\product\BIN\ONRSD.EXE [X]
S2 OracleMTSRecoveryService; c:\app\switte\oracle\product\11.1.0\bin\omtsreco.exe "OracleMTSRecoveryService" [X]

==================== Drivers (Whitelisted) ====================

R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [100448 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [165472 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-06-05] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [9856 2010-12-02] (Padus, Inc.) [File not signed]
S3 PORTMON; C:\Installs\Sysinternals\PORTMSYS.SYS [28656 2014-06-11] (Systems Internals) [File not signed]
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-16] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-07-16] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-16] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2010-05-11] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 08:44 - 2014-06-13 08:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-13 08:42 - 2014-06-13 08:42 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_13_8_42_16.dmp
2014-06-13 08:32 - 2014-06-13 08:32 - 00003619 _____ () C:\Users\switte\Desktop\ESEt.txt
2014-06-12 12:56 - 2014-06-12 12:56 - 02347384 _____ (ESET) C:\Users\switte\Downloads\esetsmartinstaller_deu.exe
2014-06-12 12:56 - 2014-06-12 12:56 - 00854367 _____ () C:\Users\switte\Desktop\SecurityCheck.exe
2014-06-12 11:52 - 2014-06-12 11:52 - 00000000 ____D () C:\Users\switte\Desktop\Desktop6
2014-06-12 11:49 - 2014-06-12 11:49 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 11:49 - 2014-06-12 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 11:27 - 2014-06-13 09:33 - 00032422 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:14 - 2014-06-12 11:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:10 - 2014-06-12 11:12 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\mbam.txt.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:15 - 2014-06-13 08:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-12 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-12 10:13 - 2014-06-12 10:11 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:06 - 2014-06-11 16:08 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 16:06 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-06-11 16:06 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-06-11 16:06 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-11 16:06 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 08:49 - 2014-06-11 17:27 - 00000000 ____D () C:\Qoobox
2014-06-11 08:48 - 2014-06-11 09:34 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:14 - 2014-06-11 08:52 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-10 17:14 - 2014-06-11 08:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:00 - 2014-06-13 09:33 - 00000000 ____D () C:\FRST
2014-06-10 15:59 - 2014-06-12 11:27 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:20 - 2014-06-11 08:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-05 09:05 - 2014-06-05 09:06 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:02 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-05 09:00 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Installs\Documents\Visual Studio 2010
2014-06-05 09:00 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Installs\AppData\Local\Microsoft Help
2014-06-05 09:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 09:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-05 09:13 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:50 - 2014-06-03 12:51 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-05-27 14:28 - 2014-05-27 14:48 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:19 - 2010-03-15 12:31 - 00165376 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:36 - 2014-05-21 12:31 - 00000000 ____D () C:\ProLeiS3
2014-05-20 09:36 - 2014-05-20 09:37 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp

==================== One Month Modified Files and Folders =======

2014-06-13 09:33 - 2014-06-12 11:27 - 00032422 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-13 09:33 - 2014-06-10 16:00 - 00000000 ____D () C:\FRST
2014-06-13 09:33 - 2010-10-14 13:50 - 00000000 ____D () C:\Users\switte\AppData\Local\Temp
2014-06-13 08:54 - 2014-06-12 10:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 08:50 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 08:50 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 08:44 - 2014-06-13 08:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-13 08:44 - 2010-10-25 13:00 - 00000000 ____D () C:\Users\switte\AppData\Local\TSVNCache
2014-06-13 08:44 - 2010-10-09 02:04 - 00000031 _____ () C:\tmuninst.ini
2014-06-13 08:42 - 2014-06-13 08:42 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_13_8_42_16.dmp
2014-06-13 08:42 - 2010-11-22 12:53 - 00000000 ____D () C:\ProgramData\VMware
2014-06-13 08:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 08:40 - 2010-10-08 18:34 - 00852142 _____ () C:\Windows\PFRO.log
2014-06-13 08:40 - 2009-07-14 06:51 - 00127029 _____ () C:\Windows\setupact.log
2014-06-13 08:39 - 2009-07-14 07:10 - 01890257 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 08:35 - 2013-08-23 13:47 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-13 08:35 - 2013-08-23 13:47 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-13 08:32 - 2014-06-13 08:32 - 00003619 _____ () C:\Users\switte\Desktop\ESEt.txt
2014-06-12 18:05 - 2010-10-14 14:15 - 00000000 ____D () C:\Installs
2014-06-12 14:44 - 2011-05-18 09:56 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Skype
2014-06-12 12:56 - 2014-06-12 12:56 - 02347384 _____ (ESET) C:\Users\switte\Downloads\esetsmartinstaller_deu.exe
2014-06-12 12:56 - 2014-06-12 12:56 - 00854367 _____ () C:\Users\switte\Desktop\SecurityCheck.exe
2014-06-12 11:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-12 11:52 - 2014-06-12 11:52 - 00000000 ____D () C:\Users\switte\Desktop\Desktop6
2014-06-12 11:49 - 2014-06-12 11:49 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 11:49 - 2014-06-12 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 11:49 - 2010-10-25 13:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-12 11:29 - 2010-10-14 20:57 - 00000000 ____D () C:\tauschen
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:27 - 2014-06-10 15:59 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:15 - 2014-06-12 11:14 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:12 - 2014-06-12 11:10 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\mbam.txt.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:37 - 2010-11-11 10:18 - 00002064 ____H () C:\Users\switte\Documents\Default.rdp
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:11 - 2014-06-12 10:13 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 17:27 - 2014-06-11 08:49 - 00000000 ____D () C:\Qoobox
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:13 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:13 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:08 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:08 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 14:49 - 2013-08-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 14:22 - 2010-10-14 21:05 - 00000000 ____D () C:\Users\switte\AppData\Local\Google
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 11:28 - 2010-10-09 01:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-11 11:25 - 2010-12-09 12:09 - 00000000 ____D () C:\Program Files (x86)\Raize
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:34 - 2014-06-11 08:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:16 - 2009-07-14 04:34 - 29097984 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 100925440 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 02359296 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-11 08:55 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-11 08:52 - 2014-06-10 17:14 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-11 08:52 - 2014-06-10 17:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:04 - 2012-01-11 10:41 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-10 16:04 - 2012-01-11 10:41 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:13 - 2014-06-03 16:45 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-05 09:13 - 2013-08-23 12:27 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-06-05 09:06 - 2014-06-05 09:05 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:02 - 2014-06-05 09:00 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 13:51 - 2010-10-20 12:08 - 00000000 ____D () C:\TEMP
2014-06-04 11:18 - 2010-11-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-04 11:18 - 2010-10-20 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-04 11:04 - 2013-08-23 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
2014-06-04 10:31 - 2010-10-14 13:51 - 00000000 ____D () C:\Users\switte\AppData\Local\VirtualStore
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 10:24 - 2013-08-23 13:47 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 09:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:45 - 2013-08-23 12:30 - 00000000 ____D () C:\Users\switte\AppData\Roaming\LavasoftStatistics
2014-06-03 16:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 16:40 - 2011-05-10 16:37 - 00000179 _____ () C:\Windows\fileinfo.ini
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-03 12:51 - 2014-06-03 12:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Roaming\VMware
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Local\VMware
2014-06-03 11:18 - 2011-01-14 16:09 - 00000033 _____ () C:\Windows\unicon.ini
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-06-02 17:54 - 2010-10-09 02:06 - 00003438 _____ () C:\Windows\TMFilter.log
2014-05-27 14:48 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 16:56 - 2010-10-09 02:04 - 00000000 ____D () C:\ProgramData\Temp
2014-05-22 14:42 - 2010-10-20 09:17 - 00000000 ____D () C:\KUNDEN
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-21 12:31 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3
2014-05-21 08:11 - 2013-03-20 15:46 - 00001639 _____ () C:\Users\Public\Desktop\ProLeiS3.lnk
2014-05-20 17:52 - 2011-01-12 16:28 - 00014837 _____ () C:\Windows\SysWOW64\sqlnet.log
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 12:13 - 2009-07-14 19:58 - 00714260 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 12:13 - 2009-07-14 19:58 - 00154056 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 12:13 - 2009-07-14 07:13 - 01659812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:37 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-19 12:29 - 2011-03-22 15:57 - 00000000 ____D () C:\Users\switte\EurekaLog
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-15 15:09 - 2013-07-23 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 15:04 - 2010-10-20 10:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 10:18 - 2011-04-06 13:53 - 00000000 ____D () C:\IDGmbH

Some content of TEMP:
====================
C:\Users\switte\AppData\Local\Temp\AHOI.exe
C:\Users\switte\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 17:55

==================== End Of Log ============================
--- --- ---


schönen Gruß

schrauber 14.06.2014 08:53
Java, Flash, Adobe und FIrefox updaten.

Widows updaten, unbedingt, da fehlt ein Servicepack.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


jean-pauli 16.06.2014 07:52
Anbei

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by switte at 2014-06-16 08:50:45 Run:1
Running from C:\Users\switte\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog =
Du bist KÖNIG!!!!!

Vielen Dank für die umfassende, zielführende und nette Hilfe!!!:singsing:

Schönen Gruß aus Aachen

schrauber 16.06.2014 21:35
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55