godmoron

Rogue.Win32.Expert Cleaner cannot be removed.


Hello

Since I can't find anything on the Internet about the virus named above, and Emsisoft is the only software that reports this virus, I thought I'd simply ask here in the forum. There are apparently several of these Rogue.Win32....... viruses, but I haven't found this "Expert Cleaner" anywhere yet. Can someone help me remove it? Unfortunately I'm not an expert and can only attach the log file from the last scan with Emsisoft:


Emsisoft Anti-Malware - Version 9.0
Letztes Update: 22.09.2014 17:34:16
Benutzerkonto: Philipp-PC\Philipp

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\

PUPs-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 22.09.2014 17:45:18
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEC  gefunden: Rogue.Win32.ExpertCleaner (A)

Gescannt 736699
Gefunden 51

Scan Ende: 23.09.2014 07:32:01
Scan Zeit: 13:46:43


Quarantäne 42

Gelöscht 0

 

 

I use MS Security Essentials and the Windows Firewall, and my OS is Vista Home Premium.

I would be glad of a way to solve this.....Thanks

Philipp


Hi and a warm welcome to the Emsisoft Support Forum!

System scan with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit

(If you are not sure: Start > Computer (right-click) > Properties)

  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Please attach both log files to your next reply.


Hi Schrauber

Thanks for the help. Here are the 2 log files. Unfortunately I can't attach anything, so I'm posting them in the thread.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Philipp (administrator) on PHILIPP-PC on 24-09-2014 10:13:11
Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

2014-09-11 03:16 - 2014-08-19 04:56 - 12473344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:16 - 2014-08-19 04:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 01214976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-11 03:16 - 2014-08-19 03:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 06003200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-11 03:16 - 2014-08-19 03:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:16 - 2014-08-19 03:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-11 03:16 - 2014-08-19 03:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 11082752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:16 - 2014-08-19 03:38 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2014-09-11 03:16 - 2014-08-19 03:36 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-11 03:16 - 2014-08-19 02:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:16 - 2014-08-19 02:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:16 - 2014-08-19 02:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:16 - 2014-08-19 02:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-11 03:16 - 2014-08-19 02:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-11 03:16 - 2014-08-19 00:33 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-09-11 03:16 - 2014-08-19 00:33 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:16 - 2014-08-19 00:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-11 03:16 - 2014-08-19 00:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-06 08:25 - 2014-09-06 08:27 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen
2014-09-02 03:00 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 03:00 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 03:00 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 10:13 - 2014-09-24 10:13 - 00000000 ____D () C:\FRST
2014-09-24 10:11 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 10:11 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 09:39 - 2010-04-05 09:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 07:55 - 2012-08-10 10:45 - 01768471 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 19:39 - 2010-04-05 09:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 07:58 - 2014-09-23 07:58 - 00023030 _____ () C:\Users\Philipp\Desktop\Emisoft Report.txt
2014-09-23 07:32 - 2014-09-23 07:32 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-23 07:32 - 2012-07-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-22 17:47 - 2008-01-21 13:10 - 01577800 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 17:47 - 2008-01-21 13:09 - 00678024 _____ () C:\Windows\system32\perfh007.dat
2014-09-22 17:47 - 2008-01-21 13:09 - 00147278 _____ () C:\Windows\system32\perfc007.dat
2014-09-22 17:44 - 2014-09-22 17:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 17:42 - 2012-04-16 22:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 17:42 - 2011-05-15 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 17:40 - 2014-09-22 17:40 - 00000870 _____ () C:\Windows\PFRO.log
2014-09-22 17:40 - 2014-08-10 21:23 - 00000000 ____D () C:\Program Files\Recuva
2014-09-22 17:40 - 2009-10-15 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-22 17:40 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 17:38 - 2006-11-02 17:42 - 00032512 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 17:35 - 2014-04-20 18:19 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Security System 2
2014-09-22 17:23 - 2010-06-01 09:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes
2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 17:22 - 2013-01-16 12:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 17:22 - 2010-06-01 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Windows\SysWOW64\MAGIX
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-09-22 17:11 - 2010-03-17 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-09-22 17:11 - 2006-11-02 14:34 - 00000252 _____ () C:\Windows\system.ini
2014-09-22 16:48 - 2010-03-17 17:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 12:25 - 2010-03-23 22:36 - 00002677 _____ () C:\Users\Philipp\Desktop\CorelDRAW X3.lnk
2014-09-22 08:42 - 2010-03-17 02:36 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 08:09 - 2014-09-22 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 10:31 - 2013-01-13 13:20 - 00000000 ____D () C:\Users\Philipp\Desktop\Pocoyo
2014-09-11 10:08 - 2010-04-19 11:32 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-11 10:04 - 2010-07-30 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2014-09-11 09:58 - 2014-05-26 12:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox
2014-09-11 03:41 - 2014-05-26 12:09 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-09-11 03:16 - 2009-10-15 12:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:15 - 2010-10-06 16:11 - 01553256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:14 - 2014-05-11 11:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 03:14 - 2014-05-11 11:16 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 03:14 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 03:13 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 03:13 - 2013-10-24 14:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-06 08:27 - 2014-09-06 08:25 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen
2014-09-04 10:14 - 2010-03-17 07:41 - 00020992 _____ () C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 03:18 - 2006-11-02 17:21 - 03159848 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Philipp\FurMark_1.10.5_Setup.exe

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Philipp\AppData\Local\Temp\unwise.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-24 07:37

==================== End Of Log ============================

 

 

And here is the second file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Philipp at 2014-09-24 10:13:55
Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.386 - ACD Systems International Inc.)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.4 - Adobe Systems) Hidden
Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_954) (Version:  - Adobe Systems Incorporated)
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_71bc85719badc9942e1198866ee2cbc) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Professional (HKLM-x32\...\Adobe_a68eec966ce913ddaa63251dc82ed31) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
ArchiCAD 13 AUT (HKLM\...\001FFF2FFF13FF00FF0901F00F02F000-R1) (Version:  - )
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CorelDRAW Graphics Suite X3 (HKLM-x32\...\_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden
DE (x32 Version: 13.0 - Corel Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.6 - Emsisoft GmbH)
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
MAGIX Web Designer 6 Content (x32 Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Web Designer 6 Download-Version (HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.12379 - MAGIX AG)
MAGIX Web Designer 6 Download-Version (x32 Version: 6.0.1.12379 - MAGIX AG) Hidden
MAGIX Web Designer 7 Premium Content Pack (x32 Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Web Designer 7 Premium Download-Version (HKLM-x32\...\MAGIX_MSI_Web_Designer_7_Premium) (Version: 7.0.4.16646 - MAGIX AG)
MAGIX Web Designer 7 Premium Download-Version (x32 Version: 7.0.4.16646 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{739FE2DC-0C7E-4A1C-AC6E-46348169E27E}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium Content Pack (Version: 1.1.0.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.)
Samsung CLP-300 Series (HKLM-x32\...\Samsung CLP-300 Series) (Version:  - Samsung Electronics CO.,LTD)
Schachermayer Warenkorb 2.6a (HKLM-x32\...\ST6UNST #1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SOAP3 and XML4 (x32 Version: 1.0.0 - Xara - Microsoft) Hidden
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara Designer Pro 6 (HKLM-x32\...\MAGIX_MSI_XtremePro6) (Version: 6.1.1.13205 - Xara Group Ltd)
Xara Designer Pro 6 (x32 Version: 6.1.1.13205 - Xara Group Ltd) Hidden
Xara Designer Pro 6 Content Pack (x32 Version: 1.0.0.0 - Xara Group Ltd) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Web Designer MX Premium\WebDesigner.exe (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1002_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\Xara\Xara_Designer_Pro_6\DesignerPro.exe (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-2723512163-2963705854-2571069048-1002_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files (x86)\MAGIX\Web Designer 7 Premium Download-Version\WebDesigner.exe (Xara Group Ltd.)

==================== Restore Points  =========================

04-09-2014 16:56:02 Geplanter Prüfpunkt
05-09-2014 15:36:28 Windows Update
06-09-2014 22:00:01 Geplanter Prüfpunkt
07-09-2014 22:00:01 Geplanter Prüfpunkt
08-09-2014 22:00:01 Geplanter Prüfpunkt
09-09-2014 15:35:55 Windows Update
10-09-2014 22:00:02 Geplanter Prüfpunkt
11-09-2014 01:00:14 Windows Update
11-09-2014 22:00:01 Geplanter Prüfpunkt
12-09-2014 22:00:01 Geplanter Prüfpunkt
13-09-2014 22:00:01 Geplanter Prüfpunkt
14-09-2014 01:52:04 Windows Update
14-09-2014 22:00:01 Geplanter Prüfpunkt
15-09-2014 22:00:01 Geplanter Prüfpunkt
16-09-2014 22:00:01 Geplanter Prüfpunkt
17-09-2014 22:00:02 Geplanter Prüfpunkt
18-09-2014 01:50:15 Windows Update
18-09-2014 22:00:01 Geplanter Prüfpunkt
19-09-2014 22:00:01 Geplanter Prüfpunkt
20-09-2014 22:00:01 Geplanter Prüfpunkt
21-09-2014 22:00:01 Geplanter Prüfpunkt
22-09-2014 01:50:03 Windows Update
22-09-2014 14:47:40 Entfernt CrazyTalk
23-09-2014 08:03:40 Geplanter Prüfpunkt
23-09-2014 22:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2010-05-31 23:49 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2D3E4534-6321-41A1-88B9-DEE4E947F6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05] (Google Inc.)
Task: {3DF66163-E492-4A72-9E01-D5ADB11CD154} - \{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} No Task File <==== ATTENTION
Task: {43411E3C-B875-43B3-AE8C-E8EC96B3EFA2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {4EC2D1B8-71EC-4C49-AADB-D7EFDDA382FE} - System32\Tasks\SpottyFiles Update => C:\Program Files (x86)\SpottyFiles\SpottyFilesUpdater.exe
Task: {608AFA0B-B0BA-406E-89A1-E14EC0E2AD15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05] (Google Inc.)
Task: {60F7DC69-EE59-431E-BE62-A08532B3D805} - \SaveSense No Task File <==== ATTENTION
Task: {7B9C5631-FFC1-47C1-BC9B-99256234D4C7} - \EPUpdater No Task File <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A4DAE6F8-64C5-40EC-B0F5-94F5012978DF} - System32\Tasks\{C4055F77-6FC2-49CB-BB8C-6BC61B18556A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E205DB9B-9CD5-4F5E-A6E4-1EA83E1E47F6} - System32\Tasks\Advanced System Optimizer => C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-12-09 04:55 - 2006-12-09 04:55 - 00022016 _____ () C:\Windows\System32\sugg1l6.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-26 21:24 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-03-19 19:21 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-09-22 17:32 - 2014-09-22 17:32 - 00751680 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-09-22 08:09 - 2014-09-22 08:09 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-22 17:42 - 2014-09-22 17:42 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrMfcWnd => "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: V0330Mon.exe => C:\Windows\V0330Mon.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

System errors:
=============
Error: (09/23/2014 05:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.185.933.0){CEBC8411-9A33-4E04-9113-7BA1A77782A9}201

Error: (09/23/2014 05:55:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

 Neue Signaturversion:

 Vorherige Signaturversion: 1.185.761.0

 Aktualisierungsquelle: %NT-AUTORITÄT59

 Aktualisierungsphase: 4.6.0305.00

 Quellpfad: 4.6.0305.01

 Signaturtyp: %NT-AUTORITÄT602

 Aktualisierungstyp: %NT-AUTORITÄT604

 Benutzer: NT-AUTORITÄT\SYSTEM

 Aktuelle Modulversion: %NT-AUTORITÄT605

 Vorherige Modulversion: %NT-AUTORITÄT606

 Fehlercode: %NT-AUTORITÄT607

 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/22/2014 05:50:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/22/2014 05:41:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/22/2014 05:41:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (09/22/2014 05:38:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Microsoft Antimalware Service

Error: (09/22/2014 05:37:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

 Neue Signaturversion:

 Vorherige Signaturversion: 1.185.761.0

 Aktualisierungsquelle: %NT-AUTORITÄT59

 Aktualisierungsphase: 4.6.0305.00

 Quellpfad: 4.6.0305.01

 Signaturtyp: %NT-AUTORITÄT602

 Aktualisierungstyp: %NT-AUTORITÄT604

 Benutzer: NT-AUTORITÄT\SYSTEM

 Aktuelle Modulversion: %NT-AUTORITÄT605

 Vorherige Modulversion: %NT-AUTORITÄT606

 Fehlercode: %NT-AUTORITÄT607

 Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/11/2014 03:48:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/11/2014 03:40:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/11/2014 03:39:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Microsoft Office Sessions:
=========================
Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:35:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:34:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP

Error: (09/23/2014 07:34:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING-BACKUP

Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:34:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

Error: (09/23/2014 07:33:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Details:
 Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\A0ADOBFK.DEFAULT-1382330580154\SAFEBROWSING

CodeIntegrity Errors:
===================================
  Date: 2014-09-24 10:13:51.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:51.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:51.304
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:51.188
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:50.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:50.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:50.751
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-24 10:13:50.630
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 18:12:54.042
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 18:12:53.907
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel® Core i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 82%
Total physical RAM: 6134.57 MB
Available physical RAM: 1073.91 MB
Total Pagefile: 12412.65 MB
Available Pagefile: 6835.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:119.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (SCH2014-2) (CDROM) (Total:4.07 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 7C687C6C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks again, Philipp


Hi,

Please attach the log files.

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Scan (Suche), then Clean (Löschen).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[s1].txt.


Hi Schrauber.

Thanks for the detailed instructions. Here is the next log file.

Best regards, Philipp

# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 12:05:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Security System 2
[!] Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected]

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19561

-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9843 octets] - [11/05/2014 13:26:10]
AdwCleaner[R1].txt - [1463 octets] - [25/09/2014 09:36:50]
AdwCleaner[s0].txt - [8394 octets] - [11/05/2014 20:06:44]
AdwCleaner[s1].txt - [1292 octets] - [25/09/2014 12:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1352 octets] ##########


Very nice. Now please run a fresh scan with FRST and Emsisoft Anti-Malware and attach both log files. Then we'll remove the leftovers :)


Hi Schrauber.

Here are the 2 reports:

Emsisoft Anti-Malware - Version 9.0
Letztes Update: 22.09.2014 17:34:16
Benutzerkonto: Philipp-PC\Philipp

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\

PUPs-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 26.09.2014 07:10:07
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEC  gefunden: Rogue.Win32.ExpertCleaner (A)

Gescannt 733524
Gefunden 1

Scan Ende: 26.09.2014 11:37:45
Scan Zeit: 4:27:38

And FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Philipp (administrator) on PHILIPP-PC on 26-09-2014 07:08:41
Running from C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP
Loaded Profiles: Philipp & UpdatusUser (Available profiles: Philipp & UpdatusUser)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X2VB0KP\FRST64[2].exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {d47d2f33-4669-11df-985f-00241dd35124} - E:\MENU.EXE
HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d081-1edc-11e3-8afa-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-2723512163-2963705854-2571069048-1001\...\MountPoints2: {dfc5d084-1edc-11e3-8afa-806e6f6e6963} - F:\KMDS.exe
HKU\S-1-5-21-2723512163-2963705854-2571069048-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Netzwerk Server.lnk
ShortcutTarget: Netzwerk Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {89BDED6F-0931-4D38-ACEE-2601F55B1529} URL = http://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKCU - {8C1BCFB2-9234-4036-808A-80AC2861E63A} URL = http://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Philipp\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Speed Test Analysis - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\[email protected] [2014-01-04]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\a0adobfk.default-1382330580154\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Speed Test Analysis) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-12-26]
CHR Extension: (Skype Click to Call) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-03-01]
CHR Extension: (Securita Scout) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-22] (Emsisoft GmbH)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160784 2009-07-20] (Logitech, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-22] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-18] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-26] (Emsisoft GmbH)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-12-09] (Samsung Electronics)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [813160 2011-01-31] (Realtek Semiconductor Corporation                           )
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-12-25] (Sony Ericsson Mobile Communications)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-08-27] () [File not signed]
U3 aq2bk04b; C:\Windows\System32\Drivers\aq2bk04b.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Philipp\AppData\Local\Temp\ALSysIO64.sys [X]
S1 covwossh; \??\C:\Windows\system32\drivers\covwossh.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 12:09 - 2014-09-25 12:09 - 00001432 _____ () C:\Users\Philipp\Desktop\AdwCleaner[s1].txt
2014-09-25 09:36 - 2014-09-25 09:36 - 01373475 _____ () C:\Users\Philipp\Downloads\adwcleaner_3.310.exe
2014-09-25 03:00 - 2014-09-09 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 03:00 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 10:15 - 2014-09-24 10:15 - 00049781 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-09-24 10:14 - 2014-09-24 10:14 - 00032745 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-09-24 10:13 - 2014-09-26 07:08 - 00000000 ____D () C:\FRST
2014-09-23 07:58 - 2014-09-23 07:58 - 00023030 _____ () C:\Users\Philipp\Desktop\Emisoft Report.txt
2014-09-23 07:32 - 2014-09-23 07:32 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-22 17:40 - 2014-09-25 12:07 - 00001180 _____ () C:\Windows\PFRO.log
2014-09-22 17:23 - 2014-09-22 17:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 17:22 - 2014-09-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 17:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 17:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 08:09 - 2014-09-22 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 03:16 - 2014-08-19 05:17 - 01491968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:16 - 2014-08-19 05:17 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:16 - 2014-08-19 05:17 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 03:16 - 2014-08-19 05:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-11 03:16 - 2014-08-19 05:07 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-09-11 03:16 - 2014-08-19 05:03 - 09326592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:16 - 2014-08-19 05:03 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:16 - 2014-08-19 05:02 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:16 - 2014-08-19 05:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 03:16 - 2014-08-19 04:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-11 03:16 - 2014-08-19 04:57 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:16 - 2014-08-19 04:57 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:16 - 2014-08-19 04:57 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-11 03:16 - 2014-08-19 04:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:16 - 2014-08-19 04:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 12473344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-11 03:16 - 2014-08-19 04:56 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:16 - 2014-08-19 04:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 01214976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:16 - 2014-08-19 03:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-11 03:16 - 2014-08-19 03:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 06003200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:16 - 2014-08-19 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-11 03:16 - 2014-08-19 03:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:16 - 2014-08-19 03:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-11 03:16 - 2014-08-19 03:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 11082752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:16 - 2014-08-19 03:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:16 - 2014-08-19 03:38 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2014-09-11 03:16 - 2014-08-19 03:36 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-11 03:16 - 2014-08-19 02:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:16 - 2014-08-19 02:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:16 - 2014-08-19 02:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:16 - 2014-08-19 02:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-11 03:16 - 2014-08-19 02:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-11 03:16 - 2014-08-19 00:33 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-09-11 03:16 - 2014-08-19 00:33 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:16 - 2014-08-19 00:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-11 03:16 - 2014-08-19 00:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-06 08:25 - 2014-09-06 08:27 - 00000000 ____D () C:\Users\Philipp\Desktop\Pfauen
2014-09-02 03:00 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 03:00 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 03:00 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 06:38 - 2010-04-05 09:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 06:08 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 06:08 - 2006-11-02 17:22 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 03:00 - 2012-08-10 10:45 - 01831603 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 19:39 - 2010-04-05 09:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 12:32 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2014-09-25 12:14 - 2008-01-21 13:10 - 01577800 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 12:14 - 2008-01-21 13:09 - 00678024 _____ () C:\Windows\system32\perfh007.dat
2014-09-25 12:14 - 2008-01-21 13:09 - 00147278 _____ () C:\Windows\system32\perfc007.dat
2014-09-25 12:08 - 2012-07-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-25 12:08 - 2009-10-15 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-25 12:08 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 12:06 - 2006-11-02 17:42 - 00032512 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 12:05 - 2014-05-11 13:20 - 00000000 ____D () C:\AdwCleaner
2014-09-22 17:42 - 2012-04-16 22:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 17:42 - 2011-05-15 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 17:40 - 2014-08-10 21:23 - 00000000 ____D () C:\Program Files\Recuva
2014-09-22 17:23 - 2010-06-01 09:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malwarebytes
2014-09-22 17:22 - 2013-01-16 12:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 17:22 - 2010-06-01 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Windows\SysWOW64\MAGIX
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-09-22 17:12 - 2010-03-25 17:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-09-22 17:11 - 2010-03-17 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-09-22 17:11 - 2006-11-02 14:34 - 00000252 _____ () C:\Windows\system.ini
2014-09-22 16:48 - 2010-03-17 17:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 12:25 - 2010-03-23 22:36 - 00002677 _____ () C:\Users\Philipp\Desktop\CorelDRAW X3.lnk
2014-09-22 08:42 - 2010-03-17 02:36 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 10:31 - 2013-01-13 13:20 - 00000000 ____D () C:\Users\Philipp\Desktop\Pocoyo
2014-09-11 10:08 - 2010-04-19 11:32 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-11 10:04 - 2010-07-30 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2014-09-11 09:58 - 2014-05-26 12:12 - 00000000 ___RD () C:\Users\Philipp\Dropbox
2014-09-11 03:41 - 2014-05-26 12:09 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-09-11 03:16 - 2009-10-15 12:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:15 - 2010-10-06 16:11 - 01553256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:14 - 2014-05-11 11:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 03:14 - 2014-05-11 11:16 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 03:14 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 03:13 - 2014-05-11 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 03:13 - 2013-10-24 14:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-04 10:14 - 2010-03-17 07:41 - 00020992 _____ () C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 03:18 - 2006-11-02 17:21 - 03159848 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Philipp\FurMark_1.10.5_Setup.exe

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe
C:\Users\Philipp\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Philipp\AppData\Local\Temp\unwise.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 00:45

==================== End Of Log ============================

Thanks, Philipp


Fix with FRST

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEC" /f
Emptytemp: 
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Hi Schrauber.

Great, thanks for your help. The last Emsisoft scan didn't find any virus anymore. Everything worked great. Attached is the latest log report.

Thanks again

Philipp

Emsisoft Anti-Malware - Version 9.0
Letztes Update: 22.09.2014 17:34:16
Benutzerkonto: Philipp-PC\Philipp

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\

PUPs-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 26.09.2014 21:42:20

Gescannt 730646
Gefunden 0

Scan Ende: 27.09.2014 02:38:39
Scan Zeit: 4:56:19


This topic appears to be resolved and will be closed.

If you need the topic again, please send me a PM and we'll continue here.

Everyone else, please read this guide and create your own thread.

This topic is now closed to further replies.
