
Log analysis and evaluation: svchost.exe accesses click-hoster sites (in the background)


23.03.2015, 09:07   #1
Friedrich_
 
Hello community,

For a few days now I have noticed unusual traffic in my logs that originates from my system.
This happens right after system start and continues from there. (Only this PC on the LAN is online.)
When the LAN connection is disabled, no anomalies show up either. Logical.
No window, advertisement, etc. is opened when the contact attempts take place! What I could also
observe: since then the entire taskbar also sometimes hangs for a few minutes (but not at the exact time the traffic takes place).


Caches are cleaned several times a day, after every browser close, with ClearProg, and additionally with CCleaner.
Flash and Java are each up to date (daily manual check for updates).
Windows/Office updates are each up to date, as are the definition files of the relevant programs.

What is also important is that these clickjacker sites are not contacted in diagnostic startup/safe mode,
despite Internet connection/use! This only happens in normal startup mode.
Also, no browser or anything of the kind opens. I only noticed the traffic through the network tools and Wireshark.

I already ran Combofix beforehand. Unfortunately Combofix emptied
my hosts file, which I fortunately was able to restore (and where I diligently add these clickjacker sites pointing to localhost),
and a few other files as well, among them screenshots, harmless logs I had made myself, and so on.
My main browser, Firefox, is thoroughly locked down: no caching, no cookies, NoScript, DoNotTrack as well as Ghostery and some other extensions.
No advertising is shown to me there or in the other browsers, nor were these sites ever opened in the browser. There was nothing.
We can rule out Firefox with its extensions, since I use it as an exact copy on my other 3 computers as well.

I hope that we can identify and solve the problem together; I will also gladly donate a small amount to you if we can get rid of the culprit!

PS: It is basically a very well-maintained, clean, stutter-free system, up until this incident.

System:
i7-3770 on Windows 7 32-bit.
Scans already performed
Code:
PandaSafe LiveCD -No findings
Bitdefender LiveCD -No findings

Malwarebytes Anti Malware -No findings
Malwarebytes Anti-Rootkit -No findings
Spybot Search&Destroy -No findings
Spyware Terminator 2012 -No findings
Microsoft Security Scanner -No findings
Zone Alarm Antivirus Extreme -No findings
ClamWin Antivirus -No findings
TrendMicro RUBotted -No anomalies
TrendMicro OnlineScanner -No such findings
Detekt -No findings
TDSSKiller -No findings
BitDefender BootkitRemover -No findings
AVG Virus Remover for Bootkit -No findings
McAfee Stinger -No findings

Overview by way of screenshots as an attachment.

And now the logs:

AdwCleaner log
Code:
# AdwCleaner v4.112 - Bericht erstellt 23/03/2015 um 03:01:35
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : * - DSLSERVICE
# Gestarted von : C:\Users\Friedrich\Desktop\Sicherheitsprogramme\adwcleaner_4.112.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\*\AppData\Local\PackageAware
Ordner Gefunden : C:\Windows\Uninstaller

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gefunden : HKLM\SOFTWARE\Headlight
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\allSnap_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sonic the Hedgehog 4 - Episode II (c) SEGA_is1
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 de)

[bmct2hvv.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false);
[bmct2hvv.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [2696 Bytes] - [05/07/2014 01:32:15]
AdwCleaner[R10].txt - [2972 Bytes] - [19/03/2015 05:08:27]
AdwCleaner[R11].txt - [3033 Bytes] - [19/03/2015 08:52:58]
AdwCleaner[R12].txt - [2906 Bytes] - [22/03/2015 22:42:07]
AdwCleaner[R13].txt - [1900 Bytes] - [23/03/2015 03:01:35]
AdwCleaner[R1].txt - [2108 Bytes] - [05/07/2014 01:44:43]
AdwCleaner[R2].txt - [2092 Bytes] - [05/07/2014 01:51:47]
AdwCleaner[R3].txt - [2152 Bytes] - [22/07/2014 16:45:56]
AdwCleaner[R4].txt - [2309 Bytes] - [27/08/2014 00:30:24]
AdwCleaner[R5].txt - [2646 Bytes] - [27/08/2014 15:45:37]
AdwCleaner[R6].txt - [2706 Bytes] - [27/08/2014 15:51:46]
AdwCleaner[R7].txt - [2858 Bytes] - [01/09/2014 18:35:30]
AdwCleaner[R8].txt - [2695 Bytes] - [20/12/2014 19:07:20]
AdwCleaner[R9].txt - [2912 Bytes] - [10/03/2015 19:00:19]
AdwCleaner[S0].txt - [2649 Bytes] - [05/07/2014 01:39:52]
AdwCleaner[S1].txt - [2061 Bytes] - [05/07/2014 01:48:59]
AdwCleaner[S2].txt - [2843 Bytes] - [19/03/2015 09:34:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R13].txt - [2668 Bytes] ##########
         
HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 05:41:47, on 23.03.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.4 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files\EMET 5.1\EMET_Agent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Virtual CD v10\System\VC10Play.exe
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\CheckPoint\AKL\AkSA.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\allSnap\allSnap.exe
C:\Windows\explorer.exe
C:\Users\Friedrich\Desktop\Sicherheitsprogramme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\AKL\AkSA.exe" /icon="hidden"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DMS-Kalenderchen] "C:\Program Files\Kalenderchen\Kalenderchen.exe" /autorun
O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
O8 - Extra context menu item: Mit GetRight downloaden - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit Getright-Browser öffnen - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{540DE981-1465-410D-993D-5B1652998DCB}: NameServer = 192.168.44.44
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm AntiKeylogger IswSvc (IswSvc) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\AKL\AkSVC.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NetLimiter 3 NDIS driver (nlndis) - Locktime Software - C:\Program Files\NetLimiter Ndis Miniport Service\nlndis.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v10\System\VC10SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
O23 - Service: ZoneAlarm AntiTheft - Check Point Software Technologies Ltd. - C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe

--
End of file - 7380 bytes
         

Junkware Removal Tool log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x86
Ran by Friedrich on 23.03.2015 at  0:18:46,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\bmct2hvv.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}
Successfully deleted the following from C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\bmct2hvv.default\prefs.js

user_pref("extensions.customizegoogle.cookies.SafeSearch", false);
user_pref("extensions.customizegoogle.cookies.enableSafeSearch", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2015 at  0:22:09,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I could not post a GMER log, because even in safe mode it terminates at the point where the VolumeShadowCopy is checked. After running it 3 times in a row, a bluescreen then occurs at said volume shadow copy point.

Some addresses that svchost accesses, actually always the same ones.
Code:
37.220.34.13 www.kesefkal.net

192.64.147.209 www.onlineearningcenter.com

192.64.147.209.voodoo.com	

		www.ruspromotion.net 				69.43.160.178
	host.bogiehosting.net					
redirector-sjl.enom.com					
67.18.22.5  www.megacashclicks.net
141.8.225.80 www.lionclix.com


www.hotrusclick.com 144.76.188.252
uniqwork.com  93.95.100.90


www.theadclick.com 208.73.210.200
www.stormpay.com 98.124.199.1
www.hybridtraffic.com 50.63.202.4

69.64.147.242 www.bulldogsclicks.com

Hostname	Methode	Pfad	User-Agent	Antwort-Code	Antwort-String	Inhaltsart	Internetadresse	Klientenadresse	Serveradresse	Herkunft	Inhaltscodierung	Übertragunscodierung	Server	Inhaltslänge	Verbindung	Cache-Steuerung	Standort	Serverzeit	Verfall	Letzte Aktualisierung	Cookie	Abfragezeit	Antwortszeit	
www.dpx-money.info	GET	/index.php?refid=7285er	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html	hxxp://www.dpx-money.info/index.php?refid=7285er	192.168.44.33:1035	94.23.11.202:80			chunked	Apache/2.2.23 (Win32) PHP/5.3.27 mod_ssl/2.2.23 OpenSSL/0.9.8x	412	close			22.03.2015 20:45:49				00:00:11.372	49 ms	
www.egcash.com	GET	/index.php?refid=4839d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=UTF-8	hxxp://www.egcash.com/index.php?refid=4839d	192.168.44.33:1045	72.52.4.121:80				Apache	20578	close	post-check=0, pre-check=0		22.03.2015 20:47:44	26.07.1997 05:00:00	22.03.2015 20:47:44		00:02:05.785	128 ms	
www.trafficdinar.com	GET	/signup.php?r=1296d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=UTF-8	hxxp://www.trafficdinar.com/signup.php?r=1296d	192.168.44.33:1050	72.52.4.119:80				Apache	29288	close	post-check=0, pre-check=0		22.03.2015 20:48:21	26.07.1997 05:00:00	22.03.2015 20:48:21		00:02:42.914	31 ms	
www.kesefkal.net	GET	/ru/?refer=557837d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	301	Moved Permanently		hxxp://www.kesefkal.net/ru/?refer=557837d	192.168.44.33:1052	37.220.34.13:80				Microsoft-IIS/7.5	0	close		hxxp://www.xn----miceskz.net:80/ru/?refer=557837d	22.03.2015 20:50:45				00:05:16.832	38 ms	
www.ruspromotion.net	GET	/site/index.php?ref=73425d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	302	Found	text/html; charset=UTF-8	hxxp://www.ruspromotion.net/site/index.php?ref=73425d	192.168.44.33:1056	69.43.160.178:80				Apache	0	close		hxxp://ww1.ruspromotion.net/site/index.php?ref=73425d	22.03.2015 20:51:32				00:05:53.942	256 ms	
www.onlineearningcenter.com	GET	/members/63497d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	404	Not Found	text/html; charset=UTF-8	hxxp://www.onlineearningcenter.com/members/63497d	192.168.44.33:1063	192.64.147.209:80				Apache/2.2.3 (CentOS)	1455	close	no-cache, no-store, must-revalidate, post-check=0, pre-check=0		22.03.2015 20:52:13	31.12.2001 07:32:00			00:06:33.966	245 ms	
www.stormpay.com	GET	/?53867d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	302	Found	text/html	hxxp://www.stormpay.com/?53867d	192.168.44.33:1113	98.124.199.1:80			chunked	Redirector/1.0	155	close	private	hxxp://127.0.0.1/53867d	22.03.2015 20:52:52				00:07:11.179	189 ms	
www.theadclick.com	GET	/pages/index.php?refid=54530d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=UTF-8	hxxp://www.theadclick.com/pages/index.php?refid=54530d	192.168.44.33:1122	208.73.210.200:80				Apache	946	Keep-Alive			22.03.2015 20:53:26				00:07:48.127	301 ms	
www.megacashclicks.net	GET	/index.php?ref=23486d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	404	Not Found	text/html; charset=iso-8859-1	hxxp://www.megacashclicks.net/index.php?ref=23486d	192.168.44.33:1151	67.18.22.5:80				nginx	326	close			22.03.2015 20:54:41				00:09:02.259	220 ms	
www.lionclix.com	GET	/index.php?ref=54377d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=UTF-8	hxxp://www.lionclix.com/index.php?ref=54377d	192.168.44.33:1171	141.8.225.80:80				Apache	894	Keep-Alive			22.03.2015 20:55:18				00:09:39.755	183 ms	
www.hotrusclick.com	GET	/signup.php?r=2783d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html	hxxp://www.hotrusclick.com/signup.php?r=2783d	192.168.44.33:1185	144.76.188.252:80				Apache/2	6	close			22.03.2015 20:54:40				00:10:16.446	58 ms	
uniqwork.com	GET	/rjoin.asp?id=63488d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	302	Object moved	text/html	hxxp://uniqwork.com/rjoin.asp?id=63488d	192.168.44.33:1342	93.95.100.90:80				Microsoft-IIS/6.0	129	close	private	d-ru.asp	22.03.2015 20:57:07				00:11:29.324	192 ms	
www.egcash.com	GET	/index.php?refid=7285er	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=UTF-8	hxxp://www.egcash.com/index.php?refid=7285er	192.168.44.33:1644	72.52.4.121:80				Apache	20579	close	post-check=0, pre-check=0		22.03.2015 20:58:23	26.07.1997 05:00:00	22.03.2015 20:58:23		00:12:44.419	53 ms	
www.hybridtraffic.com	GET	/index.php?ref=5534d	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	302	Found		hxxp://www.hybridtraffic.com/index.php?ref=5534d	192.168.44.33:1779	50.63.202.4:80					0	close	no-cache	/index.php?ref=5534d					00:13:21.772	189 ms	
www.bulldogsclicks.com	GET	/index.php?ref=7285er	Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0;1:0	200	OK	text/html; charset=utf-8	hxxp://www.bulldogsclicks.com/index.php?ref=7285er	192.168.44.33:1868	69.64.147.242:80				Microsoft-IIS/7.5	7109	close	no-cache		22.03.2015 20:59:39				00:13:58.592	152 ms
         
The browser identifier it uses is always the same.
Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0
CPU load around 0%, no applications open, everything closed! The hard disk is idle.

Regards.
Attached image thumbnails: einzelheiten-verbindungen.jpg, differentes-zugreifen.jpg
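
The pattern reported in post #1 (one fixed, malformed User-Agent contacting many hosts with referral ids in the URL) can be checked mechanically in an exported capture. The following Python is an added example, not part of the original thread: the capture rows, the `.example` hostnames, the ids and all function names are constructed, and only the User-Agent string is taken from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# User-Agent exactly as quoted in the post, plus an ordinary browser UA for contrast.
POST_UA = ("Mozilla/5.0 (Macintosh; 3c7; PPC Mac OS X; en-US) "
           "AppleWebKit/15e.5 (KHTML, like Geco, Safari) OmniWeb/vc12.de0")
FIREFOX_UA = "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"

# Constructed capture rows: host, method, path, user-agent, status (tab-separated).
# The *.example hosts and the ids are placeholders, not values from the thread.
SAMPLE_CAPTURE = "\n".join("\t".join(row) for row in [
    ("ptc-one.example", "GET", "/index.php?refid=1111a", POST_UA, "200"),
    ("ptc-two.example", "GET", "/signup.php?r=2222b", POST_UA, "200"),
    ("ptc-three.example", "GET", "/ru/?refer=3333c", POST_UA, "301"),
    ("ptc-four.example", "GET", "/index.php?ref=4444d", POST_UA, "404"),
    ("news.example", "GET", "/article?id=7", FIREFOX_UA, "200"),
    ("news.example", "GET", "/style.css", FIREFOX_UA, "200"),
])

# Query keys that carry the referral ids in the capture shown in the post.
REFERRAL_KEYS = {"ref", "refid", "refer", "r"}
PRODUCT_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/([^\s;)]+)")
NUMERIC_VERSION = re.compile(r"\d+(\.\d+)*")


def ua_anomalies(ua):
    """Return reasons why a User-Agent does not look like a real browser build."""
    reasons = []
    for name, version in PRODUCT_TOKEN.findall(ua):
        # Heuristic: some genuine tokens carry build ids, so hits are leads, not verdicts.
        if not NUMERIC_VERSION.fullmatch(version):
            reasons.append(f"non-numeric version in {name}/{version}")
    like = re.search(r"\blike\s+(\w+)", ua)
    if like and like.group(1) != "Gecko":
        reasons.append(f"'like {like.group(1)}' where browsers send 'like Gecko'")
    return reasons


def parse_capture(text):
    """Parse tab-separated rows into dicts; blank or truncated lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:
            continue
        host, method, path, ua, status = fields[:5]
        rows.append({"host": host, "method": method, "path": path,
                     "ua": ua, "status": status})
    return rows


def has_referral_param(path):
    """True if the request path carries one of the referral query keys."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return any(key.lower() in REFERRAL_KEYS for key in query)


def find_suspect_agents(rows, min_hosts=3):
    """Flag User-Agents that are malformed AND fan out to several distinct hosts."""
    by_ua = defaultdict(list)
    for row in rows:
        by_ua[row["ua"]].append(row)
    findings = []
    for ua, requests in by_ua.items():
        reasons = ua_anomalies(ua)
        hosts = sorted({r["host"] for r in requests})
        if reasons and len(hosts) >= min_hosts:
            findings.append({
                "ua": ua,
                "hosts": hosts,
                "requests": len(requests),
                "referral_requests": sum(has_referral_param(r["path"]) for r in requests),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspect_agents(parse_capture(SAMPLE_CAPTURE)):
        print(finding["ua"])
        print("  hosts:", ", ".join(finding["hosts"]))
        print("  referral requests:", finding["referral_requests"], "of", finding["requests"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

A flagged User-Agent is a stable string to filter on in Wireshark or proxy logs, which helps tie the traffic to the originating process.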

23.03.2015, 09:08   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

23.03.2015, 09:15   #3
Friedrich_

re

I had already created the FRST logs.

FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Friedrich (administrator) on DSLSERVICE on 23-03-2015 05:28:41
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: Friedrich)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Program Files\EMET 5.1\EMET_Service.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(H+H Software GmbH) C:\Program Files\Virtual CD v10\System\VC10SecS.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\EMET 5.1\EMET_Agent.exe
(H+H Software GmbH) C:\Program Files\Virtual CD v10\System\VC10Play.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\AKL\AkSA.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Ivan Heckman) C:\Program Files\allSnap\allSnap.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VC10Player] => C:\Program Files\Virtual CD v10\System\VC10Play.exe [411976 2011-10-19] (H+H Software GmbH)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\AKL\AkSA.exe [638584 2014-05-14] (Check Point Software Technologies LTD)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [590144 2015-02-28] (Razer Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\allSnap.lnk
ShortcutTarget: allSnap.lnk -> C:\Program Files\allSnap\allSnap.exe (Ivan Heckman)
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
Winsock: Catalog9 11 C:\Windows\system32\vsocklib.dll [63568] (VMware, Inc.)
Winsock: Catalog9 12 C:\Windows\system32\vsocklib.dll [63568] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{540DE981-1465-410D-993D-5B1652998DCB}: [NameServer] 192.168.44.44

FireFox:
========
FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default
FF NewTab: 
FF Homepage: about:blank
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.no_proxies_on", "");
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.share_proxy_settings", true);
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "www-proxy.t-online.de"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "pong", ""
FF NetworkProxy: "pong_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: eyes.nasa.gov/NASAEyes -> C:\Users\Friedrich\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll [2013-08-02] (JPL/NASA-Caltech)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll [2013-03-18] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-03-06] (Apple Inc.)
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\a9.xml [2013-06-01]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\blekko-https.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\blekko.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\duckduckgo.xml [2012-07-03]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\expediadotcom.xml [2007-03-08]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\flickr-tags.xml [2013-07-08]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\geizhalseu.xml [2015-03-02]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\geo-ip-tool.xml [2014-10-04]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\gutscheinrauschde-suche.xml [2011-03-22]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\hollywoodcom.xml [2013-10-05]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\imdb.xml [2008-10-22]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\ixquick-ssl.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\lycos-europe.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\MSN.xml [2013-10-05]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\neckermannde.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\otto.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\qwantcom.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\spinde.xml [2009-03-16]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\t-online.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\weathercom.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\wolframalpha.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\youtube-videosuche.xml [2015-03-19]
FF Extension: Cache Status - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\cache@status.org [2014-05-03]
FF Extension: Chromifox Basic - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\chromifox@altmusictv.com [2013-01-29]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\donottrackplus@abine.com [2014-11-22]
FF Extension: FoxyProxy Standard - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\foxyproxy@eric.h.jung [2015-03-22]
FF Extension: HTTPS-Everywhere - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\https-everywhere@eff.org [2015-01-23]
FF Extension: GutscheinRausch.de - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\jl@leimbach-it.de [2013-01-29]
FF Extension: rein - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\rein@notiz.jp [2013-04-30]
FF Extension: TinEye Reverse Image Search - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\tineye@ideeinc.com [2013-01-29]
FF Extension: Forecastfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-01-29]
FF Extension: Elementary - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{05e38d80-09c1-11dd-bd0b-0800200c9a66} [2013-01-29]
FF Extension: Vista-aero - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2013-01-29]
FF Extension: PONG! - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1368F36C-0370-419a-A408-28F94FD35974} [2013-01-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-01-29]
FF Extension: hmmXP - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{224d6e00-0336-11dd-95ff-0800200c9a66} [2013-01-29]
FF Extension: 8 Ultimo - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2013-01-29]
FF Extension: HostIP.info Geolocation Plugin - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{49eba0b5-0393-4e13-8cc4-06298a281c5d} [2013-01-29]
FF Extension: Aero Fox XL - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2013-01-29]
FF Extension: FT DeepDark - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-02-27]
FF Extension: W3v8 for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{7DA90D46-1B69-4cc5-9ACE-CB64D8D85B00} [2013-01-29]
FF Extension: iMacros for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-02-19]
FF Extension: Nightly Tester Tools - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2013-11-01]
FF Extension: Proto_Dust - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8a39fe10-f553-11dd-87af-0800200c9a66} [2013-01-29]
FF Extension: Live HTTP Headers - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-06-12]
FF Extension: Bamboo Feed Reader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2015-02-21]
FF Extension: Gnome - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{bdc06860-70c3-11dd-ad8b-0800200c9a66} [2013-01-29]
FF Extension: iPox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66} [2013-01-29]
FF Extension: User Agent Switcher - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2013-01-29]
FF Extension: PageZoom [de] - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351} [2013-01-29]
FF Extension: CustomizeGoogle - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2013-01-29]
FF Extension: SEOpen - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5} [2013-01-29]
FF Extension: Classic Theme Restorer - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-16]
FF Extension: Classic Toolbar Buttons - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-06-19]
FF Extension: Firebug - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-29]
FF Extension: Ghostery - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\firefox@ghostery.com.xpi [2015-02-24]
FF Extension: Glaze Black - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\glaze_black@www.theme-oasis.org.xpi [2013-01-29]
FF Extension: ipFuck - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\ipfuck@p4ul.info.xpi [2014-03-07]
FF Extension: Lightbeam - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-01-29]
FF Extension: NASA Night Launch - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\nasanightlaunch@example.com.xpi [2013-01-29]
FF Extension: Netscape Navigator Nostalgia - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\Netscape@gideas.xpi [2013-01-29]
FF Extension: Niederschlagsradar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\niederschlagsradar@sensiva.net.xpi [2013-01-29]
FF Extension: Classic Compact Options - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2013-01-29]
FF Extension: RightBar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\rightbar@realmtech.net.xpi [2014-06-19]
FF Extension: Secret Agent - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\SecretAgent@Dephormation.org.uk.xpi [2014-03-12]
FF Extension: Secure Login - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\secureLogin@blueimp.net.xpi [2015-02-11]
FF Extension: MZ8 - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\someone@somewhere.xpi [2014-07-27]
FF Extension: Throbber Restored - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\Throbber-Restored@jetpack.xpi [2014-09-07]
FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-10]
FF Extension: Image Zoom - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Aeon Colors - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi [2013-01-29]
FF Extension: LittleFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2014-06-20]
FF Extension: Leet Key - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2013-01-29]
FF Extension: Organize Status Bar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}.xpi [2013-01-29]
FF Extension: Qute Classic - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2013-01-29]
FF Extension: STEAM - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{678156d0-0e01-11df-8a39-0800200c9a66}.xpi [2013-01-29]
FF Extension: Nautipolis for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi [2013-01-29]
FF Extension: NoScript - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-29]
FF Extension: ReloadEvery - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-01-29]
FF Extension: n2scape - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{962229ad-1a31-4d4f-ac5b-a86cbc38f6bb}.xpi [2013-01-29]
FF Extension: Tamper Data - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013-01-29]
FF Extension: Video DownloadHelper - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-06]
FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2013-01-29]
FF Extension: Web Developer - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-01-29]
FF Extension: classiccompact - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2013-01-29]
FF Extension: FOXSCAPE - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2013-01-29]
FF Extension: DownThemAll! - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-29]
FF Extension: Torbutton - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-01-29]
FF Extension: HackBar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2013-10-05]
FF Extension: Mosaic-Fox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{f9bddc00-152b-11de-8c30-0800200c9a66}.xpi [2013-01-29]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2014-06-19]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de.xpi [2015-03-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "vdrv1000" service was unlocked successfully. <===== ATTENTION

S4 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 DokanMounter; C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [22736 2014-08-25] ()
R2 EMET_Service; C:\Program Files\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-02-09] (Futuremark)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IswSvc; C:\Program Files\CheckPoint\AKL\AkSVC.exe [749176 2014-05-14] (Check Point Software Technologies LTD)
S2 nlndis; C:\Program Files\NetLimiter Ndis Miniport Service\nlndis.exe [32768 2011-10-05] (Locktime Software) [File not signed]
S3 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2013-02-20] (Locktime Software) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2505160 2013-01-07] (O&O Software GmbH)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Realtek87B; C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-01-14] (Crawler.com)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2011-10-19] (H+H Software GmbH)
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
S2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe [3128968 2014-05-30] (Check Point Software Technologies Ltd.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 catchme; C:\Users\Friedrich\AppData\Local\Temp\catchme.sys [31744 2015-03-23] () [File not signed]
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [105680 2014-08-25] (Windows (R) Win 7 DDK provider)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 GKBFltr; C:\Windows\System32\Drivers\GameKB.sys [19328 2009-12-29] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [13952 2010-03-10] (H+H Software GmbH) [File not signed]
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
S3 icsak; C:\Program Files\CheckPoint\AKL\ak\icsak.sys [39296 2014-05-14] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files\CheckPoint\AKL\ISWKL.sys [42880 2014-05-14] (Check Point Software Technologies LTD)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-04-30] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2014-04-30] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144352 2014-04-30] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-04-20] (Cyberlink Corp.)
R2 ParagonLDM; C:\Windows\system32\drivers\biont_bs.sys [24512 2014-04-11] (Paragon Software GmbH)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2013-03-11] () [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-17] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2014-11-17] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2013-01-30] () [File not signed]
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [88296 2014-11-22] (SuperSpeed LLC) [File not signed]
R0 SscRdCls; C:\Windows\System32\DRIVERS\SscRdCls.sys [40984 2007-12-19] (SuperSpeed LLC)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-04-08] (The OpenVPN Project)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2013-12-26] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2013-12-26] ()
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [540168 2013-12-26] ()
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-22] (Paragon)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [186392 2011-04-19] (H+H Software GmbH)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
R2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-04-12] (CyberLink Corp.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO)
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 05:28 - 2015-03-23 05:28 - 00038697 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2015-03-23 05:27 - 2015-03-22 22:23 - 01135104 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST.exe
2015-03-23 05:00 - 2015-03-23 04:28 - 00360448 _____ () C:\Users\Friedrich\Desktop\CF-DeQuarantine.exe
2015-03-23 04:23 - 2015-03-23 04:24 - 00014178 _____ () C:\Users\Friedrich\Desktop\SystemLook.txt
2015-03-23 04:22 - 2015-03-23 04:21 - 00139264 _____ () C:\Users\Friedrich\Desktop\SystemLook.exe
2015-03-23 04:02 - 2015-03-23 04:02 - 00012836 _____ () C:\Users\Friedrich\Desktop\ComboFix.txt
2015-03-23 04:01 - 2015-03-23 04:02 - 00000000 ___SD () C:\Combo-Fix
2015-03-23 03:21 - 2015-03-23 03:35 - 00000000 ____D () C:\Qoobox
2015-03-23 03:21 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-23 03:21 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-23 03:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-23 03:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-23 03:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-23 03:21 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-23 03:21 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-23 03:21 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-23 03:20 - 2015-03-23 03:43 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 03:18 - 2015-03-23 03:18 - 05616289 ____R (Swearware) C:\Users\Friedrich\Desktop\Combo-Fix.exe
2015-03-23 03:07 - 2015-03-23 05:28 - 00000000 ____D () C:\FRST
2015-03-23 02:18 - 2015-03-23 02:18 - 00076230 _____ () C:\Users\Friedrich\Documents\pinfect.zip
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\system32\runouce.exe
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\rundll16.exe
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\logo1_.exe
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\logo_1.exe
2015-03-23 00:29 - 2015-03-23 00:40 - 00000054 _____ () C:\Windows\Lic.xxx
2015-03-23 00:29 - 2015-03-23 00:29 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\Program Files\Common Files\MicroWorld
2015-03-23 00:29 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\system32\Microsoft.VC80.CRT.manifest
2015-03-23 00:26 - 2015-03-22 23:23 - 00013312 _____ () C:\Users\Friedrich\Desktop\find.bat
2015-03-23 00:25 - 2015-03-22 23:27 - 68866904 _____ () C:\Users\Friedrich\Desktop\mwav.exe
2015-03-23 00:22 - 2015-03-23 05:28 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sammlung fürs Board
2015-03-22 20:37 - 2015-03-22 20:37 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-22 20:25 - 2015-03-22 20:28 - 00000353 _____ () C:\Users\Friedrich\Desktop\Office AUTOKMS sehr Wichtig.txt
2015-03-22 19:00 - 2015-03-22 19:00 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-22 18:34 - 2015-03-22 18:36 - 31973976 _____ (MiniTool Solution Ltd. ) C:\Users\Friedrich\Desktop\pwfree9.exe
2015-03-22 18:29 - 2015-03-22 18:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-21 18:11 - 2015-03-21 18:11 - 00290376 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-03-21 18:11 - 2015-03-21 18:11 - 00131744 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\Program Files\Trend Micro
2015-03-20 22:57 - 2015-03-20 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2015-03-20 22:57 - 2015-03-20 22:57 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2015-03-20 22:56 - 2015-03-20 22:56 - 02925920 _____ (Emsisoft GmbH ) C:\Users\Friedrich\Desktop\EmsisoftHiJackFreeSetup.exe
2015-03-20 22:47 - 2015-03-20 22:51 - 140425968 _____ (Microsoft Corporation) C:\Users\Friedrich\Desktop\Microsoft Security Scanner.exe
2015-03-20 19:07 - 2015-03-20 19:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-19 01:28 - 2015-03-19 02:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\ThinkpadpunkteVideo
2015-03-19 00:53 - 2015-03-22 19:01 - 00429152 _____ () C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 00:52 - 2015-03-22 19:12 - 04703120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 00:18 - 2015-03-19 00:20 - 00084562 _____ () C:\Users\Friedrich\Desktop\usbdeview.zip
2015-03-19 00:18 - 2015-03-19 00:20 - 00046516 _____ () C:\Users\Friedrich\Desktop\driverview.zip
2015-03-19 00:17 - 2015-03-19 00:20 - 00068998 _____ () C:\Users\Friedrich\Desktop\bluescreenview.zip
2015-03-18 21:39 - 2015-03-18 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNavigia
2015-03-18 21:39 - 2010-04-07 02:29 - 00081920 _____ () C:\Windows\system32\GkSui20.EXE
2015-03-18 21:26 - 2015-03-18 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-18 21:26 - 2015-03-16 18:44 - 00749664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-18 21:25 - 2015-03-18 21:25 - 00000000 ____D () C:\Program Files\Oracle
2015-03-18 21:25 - 2015-03-16 18:42 - 00104384 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-18 21:17 - 2015-03-18 21:17 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-03-18 21:16 - 2014-12-03 13:51 - 00927960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-03-18 21:16 - 2014-12-03 11:41 - 03365208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-03-18 21:16 - 2014-12-03 10:15 - 01485163 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-03-18 21:16 - 2014-12-02 11:42 - 02381680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-03-18 21:16 - 2014-11-27 08:31 - 02510192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-03-18 21:16 - 2014-08-06 06:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-03-18 21:16 - 2014-04-10 05:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-03-18 21:16 - 2014-03-06 09:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-03-18 21:16 - 2014-02-18 10:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-03-18 21:16 - 2014-01-08 08:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-03-18 21:16 - 2013-01-11 09:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-03-18 21:16 - 2011-11-22 09:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-03-18 21:16 - 2010-09-27 02:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-18 21:16 - 2009-12-04 08:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-03-18 21:16 - 2009-11-18 11:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-03-18 21:16 - 2009-11-18 00:12 - 00024664 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt32.sys
2015-03-18 21:15 - 2014-06-06 17:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-03-18 21:15 - 2013-10-11 05:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-18 21:15 - 2012-03-08 04:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-03-18 20:49 - 2015-01-25 11:20 - 00000000 ____D () C:\Users\Friedrich\Desktop\Baphomets Fluch 1-5 Deutsch
2015-03-17 14:44 - 2015-03-18 17:10 - 329252864 _____ () C:\Users\Friedrich\Desktop\openSUSE-13.2-DVD-i586.iso
2015-03-17 14:37 - 2015-03-17 14:41 - 79691776 _____ () C:\Users\Friedrich\Desktop\CorePlus-current.iso
2015-03-16 18:42 - 2015-03-16 18:42 - 00115672 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-03-12 15:27 - 2015-03-23 05:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Everything
2015-03-12 15:27 - 2015-03-12 15:27 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2015-03-11 20:41 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-11 20:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-11 20:41 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-11 20:02 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:02 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:02 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:02 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:02 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:02 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:02 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:02 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:02 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:02 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:02 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:02 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:02 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:02 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:02 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:02 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:02 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:02 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:02 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:02 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:02 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:02 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:02 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:02 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:02 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:02 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:02 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:02 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:02 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:02 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:02 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:02 - 2015-01-29 04:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 20:02 - 2015-01-29 04:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:02 - 2015-01-29 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:01 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:01 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:01 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:01 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-11 17:12 - 2015-03-11 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PY Software
2015-03-11 17:12 - 2007-08-13 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\wmvdmoe.dll
2015-03-11 16:57 - 2015-03-11 17:03 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\WebcamZoneTrigger
2015-03-11 16:12 - 2015-03-11 16:12 - 00000000 ____D () C:\Users\Public\Documents\Xeoma
2015-03-11 12:19 - 2015-03-11 12:19 - 00000000 ____D () C:\Windows\system32\DCS
2015-03-11 01:10 - 2015-03-11 01:10 - 00003584 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-08 10:55 - 2015-03-08 10:55 - 06208736 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-08 10:55 - 2015-03-08 10:55 - 06057862 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2015-03-08 03:47 - 2015-03-08 03:47 - 00000216 _____ () C:\Users\Friedrich\Desktop\rFactor Demo.url
2015-03-08 02:07 - 2015-03-08 02:07 - 00000623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Batman 3 - Beyond Gotham.lnk
2015-03-08 02:02 - 2015-03-08 02:02 - 00000000 ____D () C:\Program Files\LEGO Batman 3 - Beyond Gotham
2015-03-06 05:12 - 2015-03-06 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apple Computer
2015-03-06 05:10 - 2015-03-06 05:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-06 05:10 - 2015-03-06 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-06 05:08 - 2015-03-21 19:35 - 00000000 ____D () C:\Users\Friedrich\Desktop\LightWorks DE Tutorials
2015-03-06 04:28 - 2015-03-06 04:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-05 21:53 - 2015-03-05 21:53 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Stardock
2015-03-05 20:41 - 2015-03-13 19:42 - 00000000 ____D () C:\Users\Friedrich\Desktop\Chromanova.fm  - crazy freak dance 24-7-
2015-03-05 07:50 - 2015-03-05 07:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\com.ohnoo.TormentumDemo
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\Documents\SpriteLamp
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\SpriteLampWinforms
2015-03-05 06:58 - 2015-03-05 07:03 - 00000000 ____D () C:\Program Files\TClock
2015-03-05 06:04 - 2015-03-05 06:04 - 00000000 ____D () C:\Windows Anmeldesounds +Icons AlleSys Bildschirmschoner
2015-03-05 05:49 - 2015-03-05 05:49 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 __HDC () C:\ProgramData\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Program Files\Stardock
2015-03-05 05:47 - 2015-03-05 05:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\PackageAware
2015-03-05 05:28 - 2015-03-05 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPU
2015-03-05 05:28 - 2015-03-05 05:28 - 00000000 ____D () C:\Program Files\MPU
2015-03-05 05:20 - 2015-03-05 05:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Lern-o-Mat
2015-03-05 05:14 - 2015-03-05 05:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-lab PRO 2.0
2015-03-05 05:14 - 2015-03-05 05:14 - 00000000 ____D () C:\Program Files\DVDlabPro2
2015-03-05 05:13 - 2015-03-05 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doc Scrubber
2015-03-05 05:13 - 2015-03-05 05:13 - 00000000 ____D () C:\Program Files\Doc Scrubber
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\jStrip
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jStrip
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Program Files\jStrip
2015-03-05 05:12 - 1999-10-30 02:00 - 00167936 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpftv6.ocx
2015-03-04 06:03 - 2015-03-12 12:34 - 00000000 ____D () C:\Users\Friedrich\.mediathek3
2015-03-04 06:03 - 2015-03-04 06:03 - 00000000 ____D () C:\Program Files\Mediathekview
2015-03-03 19:32 - 2015-03-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-03 19:32 - 2015-03-03 19:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2015-03-03 18:52 - 2015-03-03 18:54 - 63361024 _____ () C:\Users\Friedrich\Desktop\EpicGamesLauncherInstaller-2.0.0-2465596.msi
2015-03-03 18:13 - 2015-03-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-02 07:05 - 2015-03-02 07:05 - 00000000 ____D () C:\Users\Friedrich\Documents\Bandicam
2015-03-02 07:04 - 2015-03-03 19:12 - 00000000 ____D () C:\Program Files\Bandicam
2015-03-02 07:04 - 2015-03-02 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-03-02 07:04 - 2015-03-02 07:04 - 00000000 ____D () C:\Program Files\BandiMPEG1
2015-03-01 23:52 - 2015-03-01 23:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\Silent Hill Downpour (Xbox 360 Gamerip)
2015-02-28 18:06 - 2015-02-05 18:51 - 00621384 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-02-28 18:05 - 2015-02-05 21:48 - 24768144 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 20465808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 16016848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10773520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10713256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 08473928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 03247248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 01047880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00931136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00912528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00909120 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00877816 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00399504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00345928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00305136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00164568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00161424 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 00027280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-02-27 16:04 - 2015-02-27 19:00 - 00000000 ____D () C:\Program Files\EMET 5.1
2015-02-27 16:04 - 2015-02-27 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2015-02-27 03:00 - 2015-02-27 03:00 - 00000216 _____ () C:\Users\Friedrich\Desktop\Tormentum - Dark Sorrow Demo.url
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Program Files\Cain
2015-02-24 19:24 - 2015-03-20 23:09 - 00000000 ____D () C:\Users\Friedrich\Documents\Survarium
2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 05:28 - 2013-01-30 06:57 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NetSpeedMonitor
2015-03-23 05:25 - 2013-01-30 04:08 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\vlc
2015-03-23 05:09 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sicherheitsprogramme
2015-03-23 04:26 - 2010-11-20 22:01 - 01639348 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 04:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-23 03:54 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 03:54 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 03:50 - 2013-01-29 18:50 - 01257627 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 03:47 - 2013-02-17 07:38 - 00000000 ____D () C:\ProgramData\VMware
2015-03-23 03:46 - 2014-07-03 02:07 - 00067178 _____ () C:\Windows\setupact.log
2015-03-23 03:46 - 2014-01-11 03:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 03:46 - 2013-01-30 08:01 - 01833612 _____ () C:\Windows\system32\oodbs.lor
2015-03-23 03:46 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 03:38 - 2014-01-11 01:33 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apps\2.0
2015-03-23 03:38 - 2013-01-30 05:14 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-03-23 03:38 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 03:38 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 03:37 - 2014-07-05 01:41 - 00606602 _____ () C:\Windows\PFRO.log
2015-03-23 03:35 - 2013-01-29 18:50 - 00000000 ____D () C:\Users\Friedrich
2015-03-23 03:03 - 2014-07-05 01:31 - 00000000 ____D () C:\AdwCleaner
2015-03-23 02:47 - 2014-11-16 21:36 - 00000000 ____D () C:\Program Files\Spezial 5.0
2015-03-23 00:14 - 2014-03-23 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 00:03 - 2014-11-15 20:35 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 00:01 - 2014-03-23 15:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-22 22:10 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Weitere Programme
2015-03-22 21:36 - 2013-03-02 16:35 - 00000000 ____D () C:\Program Files\Pluto Client
2015-03-22 21:36 - 2013-01-30 06:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NoNameScript
2015-03-22 20:24 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\GalaxyClient
2015-03-22 19:59 - 2013-01-30 06:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\mIRC
2015-03-22 19:56 - 2013-01-30 06:17 - 00000000 ____D () C:\Program Files\mIRC
2015-03-22 19:03 - 2013-11-22 18:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\AIMP3
2015-03-22 19:03 - 2013-01-30 03:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-22 18:56 - 2014-05-14 17:55 - 00000000 ____D () C:\Users\Friedrich\Desktop\Rap Mai 2014
2015-03-22 18:44 - 2013-02-06 04:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 18:23 - 2014-02-07 14:18 - 00000600 _____ () C:\Users\Friedrich\AppData\Roaming\winscp.rnd
2015-03-22 18:10 - 2014-08-20 05:17 - 00000000 ____D () C:\Windows\Minidump
2015-03-21 06:12 - 2013-01-30 05:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-20 22:23 - 2013-02-06 02:07 - 00000000 ____D () C:\Temp
2015-03-20 21:39 - 2013-01-30 06:49 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-03-20 19:34 - 2014-05-04 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-03-20 19:34 - 2014-05-04 18:34 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-03-20 18:06 - 2013-02-01 15:18 - 00000000 ____D () C:\Program Files\Vuze
2015-03-19 07:56 - 2013-01-29 23:12 - 00000000 ____D () C:\Windows\pss
2015-03-19 06:48 - 2013-03-25 17:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\NPE
2015-03-19 06:04 - 2013-06-04 01:27 - 00000000 ____D () C:\Stinger_Quarantine
2015-03-19 06:04 - 2013-02-05 00:25 - 00000000 ____D () C:\Program Files\stinger
2015-03-19 03:53 - 2013-01-30 08:07 - 00000000 ____D () C:\Program Files\Steam
2015-03-19 02:39 - 2013-03-04 20:10 - 00000000 ____D () C:\Program Files\KaloMa
2015-03-19 00:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-19 00:26 - 2014-06-16 02:02 - 00064681 ____H () C:\Windows\system32\BTImages.dat
2015-03-19 00:25 - 2013-01-25 15:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-19 00:21 - 2013-02-04 05:24 - 00000000 ____D () C:\Program Files\USB Deview
2015-03-19 00:20 - 2014-09-14 21:01 - 00000000 ____D () C:\Program Files\Bluescreen View
2015-03-19 00:20 - 2014-02-14 02:24 - 00000000 ____D () C:\Program Files\DriverView v1.45
2015-03-18 22:11 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FileZilla
2015-03-18 21:27 - 2014-02-24 06:30 - 00000000 ____D () C:\Users\Friedrich\.VirtualBox
2015-03-18 21:17 - 2013-01-25 15:37 - 00000000 ___HD () C:\Program Files\Temp
2015-03-18 21:04 - 2013-02-01 15:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Azureus
2015-03-18 19:33 - 2013-01-30 01:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\KeePass
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\VMware
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VMware
2015-03-18 14:57 - 2013-01-30 01:20 - 00042222 _____ () C:\Users\Friedrich\NeueDatenbank.kdbx
2015-03-16 21:48 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Mädels u. Chatter
2015-03-16 14:56 - 2015-02-09 11:04 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.Tribler
2015-03-15 13:50 - 2013-01-31 03:07 - 00000000 ____D () C:\Program Files\Trillian
2015-03-14 17:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-12 16:44 - 2014-08-17 15:52 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Adobe
2015-03-12 16:44 - 2013-01-29 22:44 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-12 16:44 - 2013-01-29 22:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-12 15:27 - 2013-02-01 15:44 - 00000000 ____D () C:\Program Files\Search Everything
2015-03-12 15:24 - 2013-03-19 12:11 - 00000000 ____D () C:\Windows\system32\MAGIX
2015-03-12 15:19 - 2013-01-30 02:18 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spiele
2015-03-12 01:23 - 2013-02-01 16:32 - 00000000 ____D () C:\ProgramData\Origin
2015-03-11 20:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-11 20:32 - 2014-02-19 19:09 - 00000000 ___RD () C:\Users\Friedrich\Virtual Machines
2015-03-11 20:17 - 2013-08-03 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:19 - 2013-01-29 22:28 - 00007655 _____ () C:\Users\Friedrich\AppData\Local\Resmon.ResmonCfg
2015-03-11 13:36 - 2014-07-24 00:39 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.minecraft
2015-03-11 13:26 - 2013-02-07 04:13 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Razer
2015-03-11 13:26 - 2013-02-07 04:12 - 00000000 ____D () C:\ProgramData\Razer
2015-03-11 13:26 - 2013-01-30 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-11 13:26 - 2013-01-30 05:03 - 00000000 ____D () C:\Program Files\Razer
2015-03-11 12:11 - 2013-08-21 03:42 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\midori
2015-03-11 02:35 - 2013-02-06 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-10 04:18 - 2014-06-24 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2015-03-10 04:18 - 2014-06-24 16:21 - 00000000 ____D () C:\Program Files\SRWare Iron
2015-03-09 09:57 - 2013-04-11 01:04 - 00000000 ____D () C:\Program Files\SpeedFan
2015-03-09 08:08 - 2014-08-23 16:30 - 00000000 ____D () C:\Users\Friedrich\Desktop\New Handy Root und ähnliches Tutorials
2015-03-08 10:56 - 2013-07-16 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-08 10:56 - 2013-07-16 15:55 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-08 04:48 - 2014-01-22 17:33 - 00000000 ____D () C:\Users\Friedrich\.dbus-keyrings
2015-03-08 04:25 - 2014-07-15 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-08 04:25 - 2014-07-15 21:51 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-03-08 03:47 - 2014-04-09 00:13 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-08 02:35 - 2013-11-19 10:19 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-03-06 05:11 - 2013-02-14 06:50 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-06 04:28 - 2013-09-19 21:42 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-06 04:25 - 2014-01-15 06:51 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-06 04:25 - 2013-03-05 05:07 - 00000000 ____D () C:\Program Files\Java
2015-03-05 08:01 - 2013-08-13 00:14 - 00000000 ____D () C:\Users\Friedrich\Documents\3DMark
2015-03-05 07:58 - 2014-06-16 05:52 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-03-05 07:04 - 2013-01-29 23:29 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 07:04 - 2013-01-29 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 05:28 - 2013-02-05 07:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-03-05 05:11 - 2013-02-07 01:16 - 00000000 ____D () C:\Westwood
2015-03-05 05:10 - 2013-02-07 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-05 03:01 - 2014-04-11 03:10 - 00000000 ____D () C:\Program Files\prime95 v279
2015-03-05 02:40 - 2015-02-11 15:43 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spionaufnahmen mit LifeCam
2015-03-05 02:18 - 2015-02-12 12:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\GetRight
2015-03-04 05:16 - 2014-03-11 20:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\MPC-HC
2015-03-04 01:56 - 2013-02-01 16:32 - 00000000 ____D () C:\Program Files\Origin
2015-03-04 00:57 - 2013-07-24 22:30 - 00000000 ____D () C:\HammerAutosave
2015-03-03 18:13 - 2013-11-22 18:50 - 00000000 ____D () C:\Program Files\AIMP3
2015-03-02 18:21 - 2013-01-30 02:15 - 00000000 ____D () C:\Users\Friedrich\Desktop\Ernährung u Sportinfos zusatz zur MAPPE
2015-03-02 02:15 - 2013-02-26 18:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Audacity
2015-03-02 02:11 - 2013-02-26 18:36 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-02 02:11 - 2013-02-26 18:36 - 00000000 ____D () C:\Program Files\Audacity
2015-03-01 23:47 - 2015-02-12 12:21 - 00000000 ____D () C:\ProgramData\GetRight
2015-02-28 19:33 - 2013-02-03 00:02 - 02712576 _____ () C:\Users\Friedrich\AppData\Local\file__0.localstorage
2015-02-28 18:06 - 2013-01-25 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-28 17:10 - 2013-05-10 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2015-02-28 17:10 - 2013-05-10 04:41 - 00000000 ____D () C:\Program Files\IsoBuster
2015-02-27 17:38 - 2013-01-30 01:44 - 00000000 ____D () C:\Users\Friedrich\Desktop\Canon Shots
2015-02-27 16:52 - 2013-02-01 16:51 - 00000000 ____D () C:\Program Files\Futuremark
2015-02-27 16:03 - 2013-01-30 02:17 - 00000000 ____D () C:\Users\Friedrich\Desktop\POP-RADIO FAKE ACCOUNTS
2015-02-27 03:26 - 2013-02-26 18:48 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-02-27 03:20 - 2013-02-26 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-02-27 03:20 - 2013-02-26 18:48 - 00000000 ____D () C:\Program Files\Lightworks
2015-02-26 21:20 - 2011-04-28 16:10 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-26 18:36 - 2013-09-04 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-02-26 18:36 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Exploit Sets
2015-02-25 03:10 - 2014-06-28 07:22 - 00000000 ____D () C:\Users\Friedrich\Documents\EthanMeteorHunterDemo
2015-02-25 01:15 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Martin Krüger
2015-02-25 01:14 - 2013-05-24 01:11 - 00000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-24 16:48 - 2013-01-29 23:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-22 21:59 - 2014-08-10 15:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\Fahrrad-Reperatur Hilfe
2015-02-22 19:27 - 2013-01-30 07:03 - 00000000 ____D () C:\Program Files\Google
2015-02-21 18:41 - 2015-02-17 21:27 - 00000101 _____ () C:\Users\Friedrich\Desktop\Titel Gammeltower video.txt

==================== Files in the root of some directories =======

2013-10-28 21:15 - 2013-07-08 17:34 - 2699264 _____ (wPrime) C:\Program Files\wPrime.exe
2014-04-26 21:08 - 2014-04-26 21:08 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-05-24 01:11 - 2015-02-25 01:14 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-06 07:11 - 2014-10-31 04:40 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-02-03 18:40 - 2015-02-04 21:05 - 0000623 _____ () C:\Users\Friedrich\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-03-04 20:09 - 2014-02-28 15:35 - 0000540 _____ () C:\Users\Friedrich\AppData\Roaming\AutoGK.ini
2013-05-22 21:43 - 2013-08-25 04:47 - 0000000 _____ () C:\Users\Friedrich\AppData\Roaming\bfe_cddrives
2015-02-04 01:26 - 2015-02-04 01:26 - 0001002 _____ () C:\Users\Friedrich\AppData\Roaming\Currency Meter_Settings.ini
2015-02-04 01:27 - 2015-02-04 01:28 - 0000841 _____ () C:\Users\Friedrich\AppData\Roaming\Drives Meter_Settings.ini
2015-02-03 19:19 - 2015-02-03 19:21 - 0000310 _____ () C:\Users\Friedrich\AppData\Roaming\Earthquakes Meter_Settings.ini
2014-04-20 21:35 - 2015-02-03 17:31 - 0000284 _____ () C:\Users\Friedrich\AppData\Roaming\GPU MeterV2_Settings.ini
2013-06-01 08:16 - 2013-09-22 08:28 - 0001870 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile0.dat
2013-06-01 08:16 - 2013-09-22 08:28 - 0001872 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile1.dat
2013-06-01 08:16 - 2013-09-22 08:28 - 0001876 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile2.dat
2013-09-22 08:27 - 2013-09-22 08:28 - 0001832 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile3.dat
2015-02-04 01:30 - 2015-02-04 01:30 - 0001209 _____ () C:\Users\Friedrich\AppData\Roaming\Network Meter_Settings.ini
2015-02-04 01:30 - 2015-02-04 01:30 - 0000008 _____ () C:\Users\Friedrich\AppData\Roaming\Network Meter_Usage.ini
2013-02-18 05:16 - 2014-07-16 01:03 - 0138904 _____ () C:\Users\Friedrich\AppData\Roaming\PnkBstrK.sys
2014-04-18 16:25 - 2014-07-02 10:13 - 14315520 _____ () C:\Users\Friedrich\AppData\Roaming\Sandra.mdb
2014-02-07 14:18 - 2015-03-22 18:23 - 0000600 _____ () C:\Users\Friedrich\AppData\Roaming\winscp.rnd
2013-11-15 04:48 - 2013-11-15 05:13 - 0001456 _____ () C:\Users\Friedrich\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-10-29 18:14 - 2013-10-29 18:14 - 0242095 _____ () C:\Users\Friedrich\AppData\Local\ars.cache
2013-10-29 18:14 - 2013-10-29 18:14 - 0377163 _____ () C:\Users\Friedrich\AppData\Local\census.cache
2015-03-11 01:10 - 2015-03-11 01:10 - 0003584 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-03 00:02 - 2015-02-28 19:33 - 2712576 _____ () C:\Users\Friedrich\AppData\Local\file__0.localstorage
2013-10-29 17:44 - 2013-10-29 17:44 - 0000036 _____ () C:\Users\Friedrich\AppData\Local\housecall.guid.cache
2014-02-09 23:50 - 2014-06-27 05:58 - 0000600 _____ () C:\Users\Friedrich\AppData\Local\PUTTY.RND
2015-02-02 18:15 - 2015-02-02 18:15 - 0000733 _____ () C:\Users\Friedrich\AppData\Local\recently-used.xbel
2013-01-29 22:28 - 2015-03-11 15:19 - 0007655 _____ () C:\Users\Friedrich\AppData\Local\Resmon.ResmonCfg
2013-03-19 12:49 - 2013-03-19 12:52 - 0000041 ___SH () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\Friedrich\Bsb.exe
C:\Users\Friedrich\cc_20140124_180349.reg
C:\Users\Friedrich\cc_20140315_160443.reg
C:\Users\Friedrich\cc_20140718_151624.reg
C:\Users\Friedrich\cc_20140905_190648.reg
C:\Users\Friedrich\cc_20141008_060204.reg
C:\Users\Friedrich\IP_Log_Data.js
C:\Users\Friedrich\regsicherung.reg
C:\Users\Friedrich\Sicherung reg von CCleaner 2.reg


Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\catchme.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-20 19:59

==================== End Of Log ============================
         

23.03.2015, 09:16   #4
Friedrich_
 
svchost.exe accesses click-hoster sites (in the background)

re2



FRST Addition-Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Friedrich at 2015-03-23 05:29:22
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Extreme Security Antivirus (Disabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Extreme Security Anti-Spyware (Disabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«City Car Driving»  Releases 1.3.2 (HKLM\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: 1.3.2 - Forward Development)
007 Legends 1.0.2 (HKLM\...\007 Legends 1.0.2) (Version: 1.0.2 - Activision Publishing)
3DMark (HKLM\...\{1f6ed41c-36d8-4cb3-82f4-cf7b25f60143}) (Version: 1.4.775.0 - Futuremark)
3DMark (Version: 1.4.775.0 - Futuremark) Hidden
3DMark 11 (HKLM\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark03 (HKLM\...\{FF35F637-72B9-43BE-A281-06EB2854393A}) (Version: 3.6.0 - )
ACE COMBAT ASSAULT HORIZON Enhanced Edition (HKLM\...\ACE COMBAT ASSAULT HORIZON Enhanced Edition_is1) (Version:  - )
Active@ DVD Eraser v 1.1 (HKLM\...\Active@ DVD Eraser v 1.1) (Version:  - )
Activision(R) (Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adrenaline Sniper Elite V2 Benchmark Tool 1.0 (Build 1.0.0.1) (HKLM\...\Adrenaline Sniper Elite V2 Benchmark Tool_is1) (Version:  - )
Aerosoft's - Kastellorizo X - FSX (HKLM\...\Kastellorizo X - FSX) (Version: 1.00 - )
Aerosoft's - Seychelles X - FSX (HKLM\...\Seychelles X - FSX) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 2 (HKLM\...\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 3 (HKLM\...\{61C6337D-EDF5-43F0-9E50-541A389070BD}) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 4 (HKLM\...\{F7016342-C196-44B1-AAC5-D7BA4708473E}) (Version: 1.00 - Aerosoft)
Afterfall InSanity (HKLM\...\{CE9CAAA6-0431-433B-9FB5-23EE01669AF2}) (Version: 1.00.0000 - Nicolas Games S.A.)
Age of Empires II - the Conquerors WideScreen Patcher (HKLM\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - )
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires Online (HKLM\...\Steam App 105430) (Version:  - Microsoft)
Age of Mythology: Extended Edition (HKLM\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
AIDA64 Engineer v5.00 (HKLM\...\AIDA64 Engineer_is1) (Version: 5.00 - FinalWire Ltd.)
AIMP3 (HKLM\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Alan Wake (HKLM\...\Alan Wake_is1) (Version:  - )
Aliens Colonial Marines Limited Edition DLC Pack Plus Steam Vorbesteller-Bonus 1.0 (HKLM\...\Aliens Colonial Marines Limited Edition DLC Pack Plus Steam Vorbesteller-Bonus 1.0) (Version: 1.0 - .x.X.RIDDICK.X.x.)
Aliens vs Predator Classic 2000 (HKLM\...\1207665883_is1) (Version: 2.0.0.21 - GOG.com)
Aliens vs Predator D3D11 Benchmark V1.03 (HKLM\...\{CC72E6E8-CFFF-43B4-A9BE-C227C088EE95}) (Version: 1.03.0000 - Rebellion)
Aliens: Colonial Marines (HKLM\...\Aliens: Colonial Marines_is1) (Version:  - )
allSnap version 1.33.2 (HKLM\...\allSnap_is1) (Version: 1.33 - Ivan Heckman)
Alone In The Dark (HKLM\...\Alone In The Dark_is1) (Version:  - Atari)
America's Army 3 (HKLM\...\Steam App 13140) (Version:  - U.S. Army)
Amiga Forever (HKLM\...\{DCB8DF8D-6F0E-405B-B870-89709242F5C0}) (Version: 2012.2.0 - Cloanto)
Amnesia: The Dark Descent Demo  (HKLM\...\Steam App 57310) (Version:  - Frictional Games)
Anark Client 1.0 (HKLM\...\AnarkClient) (Version:  - )
AniMake (HKLM\...\AniMake) (Version:  - )
ANNO 1503 GOLD (HKLM\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
ANNO 1602 Königs-Edition (HKLM\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Anomos 0.9.5 (HKLM\...\Anomos) (Version: 0.9.5 - Anomos Liberty Enhancements)
ArCADia-GRAF 1.5 DE (HKLM\...\{887C98A0-1E31-4C8C-8B72-DA10A860AF71}) (Version: 1.5.6.16 - ArCADiasoft Chudzik sp. j.)
ArCon Professional +2011 (HKLM\...\{7C3C04ED-B746-4273-A0C8-997A8823CB36}) (Version: 15.0.0.0 - Eleco)
ArCon Professional +2011 (Version: 15.0.0.0 - Eleco) Hidden
Arma 3 Complete (HKLM\...\QXJtYTM=_is1) (Version: 1 - )
Assassin's Creed (R) III (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Baldur's Gate II (HKLM\...\Baldur's Gate II_is1) (Version:  - GOG.com)
Bandicam (HKLM\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
Baphomets Fluch - Der schlafende Drache (HKLM\...\Baphomets Fluch - Der schlafende Drache) (Version:  - )
Batman: Arkham City Digital Deluxe Edition (HKLM\...\{E8AC6BBD-9A99-404C-9638-F633312CD441}_is1) (Version: 1.0 - RAF)
Battle Realms Complete (HKLM\...\Battle Realms Complete_is1) (Version:  - GOG.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bejeweled® 3 (HKLM\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Beneath a Steel Sky (HKLM\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
Bewerbungs-Experte 2011 (HKLM\...\Bewerbungs-Experte_is1) (Version: 3.0.0.0 - haude electronica verlag)
Binary Domain (HKLM\...\Binary Domain_is1) (Version:  - )
BioShock 2 (HKLM\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock Infinite (HKLM\...\BioShock Infinite_is1) (Version:  - )
Blade Runner (HKLM\...\Blade Runner) (Version: 1.05 -  Westwood Studios 1997)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Brutal Legend version 1 (HKLM\...\QnJ1dGFsIExlZ2VuZA==_is1) (Version: 1 - )
Bulletstorm (HKLM\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
Bulletstorm (Version: 1.0.0000.130 - EA) Hidden
Burnout(TM) Paradise The Ultimate Box (HKLM\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
C&C Der Tiberiumkonflikt (HKLM\...\C&C Der Tiberiumkonflikt_is1) (Version:  - )
Cain & Abel 4.9.56 (HKLM\...\Cain & Abel 4.9.56) (Version:  - )
calibre (HKLM\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
Call of Duty Black Ops GERMAN Uncut 1.00 (HKLM\...\Call of Duty Black Ops GERMAN Uncut 1.00) (Version:  - )
Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - )
Call of Duty: Black Ops II v1.0 (HKLM\...\{26B8A445-02C6-4F87-AD2A-024BBFC99A06}_is1) (Version: 1.0 - RAF)
Cannon Fodder (HKLM\...\GOGPACKCANNONFODDER_is1) (Version: 2.0.0.3 - GOG.com)
Capitalism 2 (HKLM\...\GOGPACKCAPITALISM2_is1) (Version: 2.0.0.5 - GOG.com)
Castle of Illusion (HKLM\...\Q2FzdGxlb2ZJbGx1c2lvbg==_is1) (Version: 1 - )
Castlevania Lords of Shadow (HKLM\...\{F14EDCE5-B45D-4D77-A5B8-C7513E5C7BDA}) (Version: 6.0 - Black Box)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.72.1.2014 - Georgy Berdyshev)
Chaos auf Deponia Demo (HKLM\...\Deponia 2 Demo) (Version: 1.0 - Daedalic Entertainment)
Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Cheatbook Database 2014 (HKLM\...\Cheatbook Database 2014) (Version:  - )
ClamWin Free Antivirus 0.98.4.1 (HKLM\...\ClamWin Free Antivirus_is1) (Version:  - alch)
ClassicPro© v2.01 (HKLM\...\ClassicPro) (Version: 2.01 - Skin Consortium)
ClearProg 1.6.1 Beta 8 (HKLM\...\ClearProg) (Version: 1.6.1 Beta 8 - Sven Hoffman)
CLICKBIOSII (HKLM\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Colin McRae Rally Remastered (HKLM\...\Colin McRae Rally Remastered_is1) (Version:  - )
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer Alarmstufe Rot 2 (HKLM\...\Red Alert 2) (Version:  - )
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM\...\Tiberian Sun) (Version:  - )
Command & Conquer™ 3: Kanes Rache (HKLM\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer™ 4 Tiberian Twilight (HKLM\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Alarmstufe Rot 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand (HKLM\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Command && Conquer Alarmstufe Rot 2 - Yuris Rache (HKLM\...\Yuri's Revenge) (Version:  - )
Command and Conquer(TM) Generäle Die Stunde Null  (HKLM\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer(TM) Generäle Die Stunde Null  (Version: 1.00.0000 - Electronic Arts) Hidden
Commando (HKLM\...\ComandoDeinstKey) (Version:  - )
Commandos 2: Men of Courage (HKLM\...\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}) (Version:  - )
Commandos 3 - Destination Berlin (HKLM\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version:  - )
ConvertAll (HKLM\...\ConvertAll) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (Version: 15.3 - Corel Corporation) Hidden
Counter-Strike Nexon: Zombies (HKLM\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive - SDK (HKLM\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis® 2 (HKLM\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 (HKLM\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CrystalDiskMark 3.0.3a (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3a - Crystal Dew World)
CyberLink PowerDVD 11 (HKLM\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
Dark Souls Prepare to Die Edition (HKLM\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Darksiders 1.1(CREATED BY XEONKING©) (HKLM\...\Darksiders_is1) (Version: 1.1 - )
Das Haus am See - Kinder der Stille Sammleredition 1.0.0.0 (HKLM\...\Das Haus am See - Kinder der Stille Sammleredition 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play)
Das Telefonbuch Deutschland (HKLM\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
Datennetzwerktechnik (HKLM\...\Datennetzwerktechnik) (Version:  - )
Dead Island Riptide (c) Deep Silver version 1 (HKLM\...\RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1) (Version: 1 - )
Dead Space (HKLM\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 2 (HKLM\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Delta Force (HKLM\...\Delta Force) (Version:  - )
Delta Force 2 (HKLM\...\Delta Force 2) (Version:  - )
Descent and Descent 2 (HKLM\...\Descent and Descent 2_is1) (Version:  - GOG.com)
DesignSpark Mechanical 2.0 (HKLM\...\{ADF11148-6555-FFFF-A320-274AF0C42282}) (Version: 10.0.0 - SpaceClaim Corporation)
Deus EX Human Revolution Version v1.1 (HKLM\...\{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1) (Version: v1.1 - ZKY)
D-Fend Reloaded 1.3.6 (deinstallieren) (HKLM\...\D-Fend Reloaded) (Version: 1.3.6 - Alexander Herzog)
Dia (nur entfernen) (HKLM\...\Dia) (Version:  - )
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version:  - )
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.9.22 - Electronic Arts)
D-Info mit Rückwärtssuche Frühjahr 2012 (HKLM\...\{36F8E574-A5D0-425C-AF52-FFA2D4616ED6}) (Version: 1.00.0000 - telegate MEDIA AG)
DirSync  2.96 (HKLM\...\DirSync) (Version:  - Stephen Kalisch)
DiRT 3 (HKLM\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (Version: 1.0.0000.130 - Codemasters) Hidden
DLH98 v1.44 (HKLM\...\DLH98) (Version:  - )
Doc Scrubber v1.1 (HKLM\...\Doc Scrubber_is1) (Version: 1.1 - Javacool Software LLC)
Dolphin x86 (HKLM\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Doom 3: BFG Edition (HKLM\...\{2EBA122F-BB93-4FCF-ACC3-59374E7CF3C9}_is1) (Version: 1.0 - RAF)
Dr_Brain_GJ_Vol2 (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Dr_Brain_GJ_Vol2) (Version:  - )
Dracula Origin (HKLM\...\Dracula Origin_is1) (Version:  - )
Duke Nukem Forever DELUXE EDITION incl. dem DLC The Doctor Who Cloned Me 1.01 (HKLM\...\Duke Nukem Forever DELUXE EDITION incl. dem DLC The Doctor Who Cloned Me 1.01) (Version:  - )
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD-lab PRO 2.0 (HKLM\...\DVD-lab PRO 2.0 deutsch_is1) (Version:  - )
Earthworm Jim 3D (HKLM\...\Earthworm Jim 3D_is1) (Version:  - GOG.com)
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
Elektronik 2 V2.0 (HKLM\...\Elektronik 2 V2.0) (Version:  - )
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
EMET 5.1 (HKLM\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsisoft GmbH)
Enclave (HKLM\...\Steam App 253980) (Version:  - Topware)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EVEREST Ultimate Edition v5.30 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.30 - Lavalys, Inc.)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Far Cry 3 (HKLM\...\{3E7F5A51-7657-43D6-A9B3-C3A21473834B}_is1) (Version: 1.01 - RAF)
FEZ (HKLM\...\FEZ_is1) (Version:  - Trapdoor)
FIFA 14 Version 1.0 u1 (HKLM\...\FIFA 14_is1) (Version: 1.0 u1 - EA Games)
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fischer Weltalmanach und Atlas 2012 (HKLM\...\InstallShield_{8B1B9DF1-DB57-4A69-8047-D64C0F46ADA7}) (Version: 1.00.0000 - USM)
Fischer Weltalmanach und Atlas 2012 (Version: 1.00.0000 - USM) Hidden
FixFoto 3.00 (HKLM\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
FreeFileSync 6.13 (HKLM\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
FUEL (HKLM\...\{F51FF206-2273-4B3E-A90A-4752AE288C12}) (Version: 1.00.0000 - Codemasters)
Futuremark SystemInfo (HKLM\...\{A7E0E8D0-2E06-428A-8A8A-83BFF0B4DFE6}) (Version: 4.34.498.0 - Futuremark)
Gabelstapler 2014 1.0.2 (HKLM\...\{9B9000F2-DD0C-40AA-9ED6-6776B83894E1}_is1) (Version:  - UIG Entertainment)
Gabriel Knight - Sins of the Fathers Demo (HKLM\...\Steam App 318170) (Version:  - Phoenix Online Studios)
GALCOM Echo Squad SE Demo Docs (HKLM\...\GALCOM Echo Squad SE Demo Docs) (Version:  - 3000AD, Inc.)
Game Compatibility Database (HKLM\...\{0e82bf4c-b906-4635-a97e-6a9740686b33}.sdb) (Version:  - )
Gameforge Live 2.0.6 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Gas Guzzlers Combat Carnage (HKLM\...\Gas Guzzlers Combat Carnage_is1) (Version:  - )
gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - )
GCFScape 1.8.4 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Gears of War (HKLM\...\InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios)
Gears of War (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Geeks3D PhysX FluidMark v1.5.2 (HKLM\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - Geeks3D.com)
Geeks3D.com FurMark 1.10.1 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Gehirnjogging - Generations (HKLM\...\CD_Gehirnjogging_Generations_DE) (Version:  - )
Gehirnjogging 4 (HKLM\...\Gehirnjogging 4) (Version: 1.0 - SBT)
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version:  - )
GetRight (HKLM\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Gods Will Be Watching (HKLM\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
GoldWave v5.66 (HKLM\...\GoldWave v5.66) (Version:  - )
Goodbye Deponia Demo (HKLM\...\Steam App 262880) (Version:  - Daedalic Entertainment)
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPS-Track-Analyse.NET 6.0 (HKLM\...\GPS-Track-Analyse.NET 6.0_is1) (Version:  - )
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GRID Autosport (HKLM\...\GRID Autosport_is1) (Version: GRID Autosport - )
GSAK 8.4.0.0 (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
GTA IV Vehicle Mod Installer v1.2 (HKLM\...\GTA IV Vehicle Mod Installer v1.2_is1) (Version:  - MobileD2)
Gunpoint Demo (HKLM\...\Steam App 240570) (Version:  - )
Half-Life Singleplayer Edition (HKLM\...\{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1) (Version: 1.1.2010 - Valve)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Haunted Past - Im Reich der Geister 1.00 (HKLM\...\Haunted Past - Im Reich der Geister 1.00) (Version:  - )
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hitman Absolution (HKLM\...\Hitman Absolution_is1) (Version:  - )
Homebrew - Vehicle Sandbox Demo (HKLM\...\Steam App 327770) (Version:  - Copybugpaste)
Homefront (HKLM\...\Homefront_is1) (Version:  - )
HWiNFO32 Version 4.42 (HKLM\...\HWiNFO32_is1) (Version: 4.42 - Martin Malík - REALiX)
HyperSnap 6 (HKLM\...\HyperSnap 6) (Version: 6.70.02 - Hyperionics Technology LLC)
IconPackager (HKLM\...\IconPackager) (Version: 5.10.032 - Stardock Corporation)
IconPackager (Version: 5.10.032 - Stardock Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Incredipede (HKLM\...\GOGPACKINCREDIPEDE_is1) (Version: 2.0.0.4 - GOG.com)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
IsoBuster 3.5 (HKLM\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
IT-Sicherheit (HKLM\...\IT-Sicherheit) (Version:  - )
Jagged Alliance (HKLM\...\Jagged Alliance_is1) (Version:  - GOG.com)
Jagged Alliance 2 (HKLM\...\Jagged Alliance 2_is1) (Version:  - GOG.com)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JonDo (HKLM\...\JonDoUninstall) (Version:  - )
jStrip 3.3 (HKLM\...\jStrip_is1) (Version: 3.3 - David Crowell)
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
KaloMa 4.92 (HKLM\...\KaloMa_is1) (Version:  - Frank Böpple)
KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Kingdoms of Amalur: Reckoning (HKLM\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
KKND Krossfire (HKLM\...\KKND Krossfire) (Version:  - )
K-Lite Codec Pack 11.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
K-Meleon 74.0 (x86 en-US) (HKLM\...\K-Meleon 74.0 (x86 en-US)) (Version: 74.0 - kmeleonbrowser.org)
Knights and Merchants (HKLM\...\Steam App 253900) (Version:  - Topware Interactive)
Kolor Autopano Giga 3.6 (HKLM\...\AutopanoGiga3.6) (Version: V3.6.3 - Kolor)
Lara Croft and the Guardian of Light (HKLM\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
LauschAngriff (HKLM\...\LauschAngriff) (Version:  - )
LEGO - The Hobbit (HKLM\...\TEVHT1RoZUhvYmJpdA==_is1) (Version: 1 - )
LEGO Batman 3 - Beyond Gotham (HKLM\...\TEVHT0JhdG1hbjNCZXlvbmRHb3RoYW0=_is1) (Version: 1 - )
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LEGO MARVEL Super Heroes (HKLM\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
LEGO® Batman™ (HKLM\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Pirates of the Caribbean Das Videospiel (HKLM\...\{64958DA4-79D3-43FD-AF06-720DAD044F9E}) (Version: 1.0.0.0 - Disney Interactive Studios)
Leistungselektronik (HKLM\...\Leistungselektronik) (Version:  - )
Life Goes On Demo (HKLM\...\Steam App 246380) (Version:  - )
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
LOST PLANET 2 (HKLM\...\{737369DC-08E8-4787-A78C-F86943247BDF}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
MadOnion.com/3DMark2000 (HKLM\...\MadOnion.com/3DMark2000) (Version:  - )
MadOnion.com/3DMark2001 SE (HKLM\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version:  - )
Magic Games II (HKLM\...\{AB38070F-5479-4F76-8419-80A758B7B16B}) (Version: 1.0.0 - magicn)
Magic The Gathering - Duels of the Planeswalkers (HKLM\...\Magic The Gathering - Duels of the Planeswalkers_is1) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
MahJong Suite 2011 v8.2 (HKLM\...\MahJong Suite_is1) (Version:  - TreeCardGames)
Majesty 2: The Fantasy Kingdom Sim (HKLM\...\{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1) (Version: 1.0.0.0 - Paradox Interactive)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mandelbulber (HKLM\...\35A39AB0-5E9F-4B70-98DA-4B8158C89C4B) (Version: 1.21-1 - )
Maniac Mansion Deluxe (HKLM\...\Maniac Mansion Deluxe) (Version:  - )
Medal of Honor™ Warfighter Deutsch Patch 1.00 (HKLM\...\Medal of Honor™ Warfighter Deutsch Patch 1.00) (Version:  - )
MediaCoder 0.8.30.5622 (HKLM\...\MediaCoder) (Version: 0.8.30.5622 - Mediatronic)
Memoria Demo (HKLM\...\Steam App 250940) (Version:  - Daedalic Entertainment)
Metro Last Light Update 12 (v1.0.0.14) Plus limited First Edition DLCs Plus Chronicles Pack DLC v1.0.0.14 (HKLM\...\Metro Last Light Update 12 (v1.0.0.14) Plus limited First Edition DLCs Plus Chronicles Pack DLC v1.0.0.14) (Version:  - )
Metro: Last Light (c) Deep Silver version 1 (HKLM\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{485DE620-A598-4481-ACDC-61734504DB74}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM\...\{7785F029-FBFF-4572-8E1C-596D8A28B548}) (Version: 5.1.09 - Microsoft Research)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Midori 0.5.9 (HKLM\...\Midori) (Version: 0.5.9 - Christian Dywan)
Mind Path to Thalamus (HKLM\...\Mind Path to Thalamus_is1) (Version:  - )
Minecraft1.7.9 (HKLM\...\Minecraft1.7.9) (Version:  - )
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
mirkes.de Tiny Hexer (HKLM\...\{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1) (Version: 1.8 - markus stephany)
Mirror's Edge™ (HKLM\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
Monitor Calibration Wizard 1.0 (HKLM\...\Monitor Calibration Wizard) (Version:  - )
Monkey Island™ Special Edition Collection (HKLM\...\MISEC) (Version: 1.0.0.0 - LucasArts)
MonochromiX 1.39 (HKLM\...\MonochromiX_is1) (Version:  - Joachim Koopmann Software)
Monopoly (HKLM\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version:  - )
Moo0 System Monitor 1.76 (HKLM\...\Moo0 SystemMonitor) (Version:  - )
Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - )
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPU (HKLM\...\{18F6D695-66FF-411C-9347-55D1140A7D7B}) (Version: 1.1.8 - Hergarten Media)
MSI Afterburner 4.0.0 (HKLM\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFFVideoConverter (HKLM\...\MyFFVideoConverter) (Version: 1.0.0.0 - Pergel.hu)
NASA World Wind 1.4 (HKLM\...\NASA World Wind 1.4) (Version:  - )
NASAEyes (HKLM\...\{3E9B108D-9985-4043-B0B0-29F29221C9A6}) (Version: 1.0.0.0 - JPL/NASA-Caltech)
Native Instruments Traktor DJ Studio 3 (HKLM\...\Native Instruments Traktor DJ Studio 3) (Version:  - )
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
Need For Speed™ World (HKLM\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Nemeth Designs Bell UH-1 Huey for Microsoft Flight Simulator X (HKLM\...\Nemeth Designs Bell UH-1 Huey for Microsoft Flight Simulator X) (Version:  - )
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
NetSetMan 3.7.3 (HKLM\...\NetSetMan_is1) (Version: 3.7.3 - Ilja Herlein)
NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles)
NetTools 5.0 (HKLM\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NNScript (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\NoNameScript) (Version: 4.22 - ESNation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Alien vs. Triangles demo (HKLM\...\Alien vs. Triangles) (Version: 1.0 - NVIDIA Corporation)
NVIDIA FaceWorks: Real-time Performance Capture Demo (HKLM\...\FaceWorks) (Version: 1.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Hair Demo (HKLM\...\{BF2D55FB-975E-4B59-9C10-439A975701FF}) (Version: 1.00 - )
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Screen Saver 1.2 (HKLM\...\NVIDIA Screen Saver_is1) (Version:  - )
NVIDIA Supersonic Sled demo (HKLM\...\Supersonic Sled) (Version:  - )
O&O Defrag Professional (HKLM\...\{24CD85A3-6562-4C24-8257-27826C7CF7FE}) (Version: 15.8.813 - O&O Software GmbH)
O&O SafeErase Professional (HKLM\...\{4649998A-0D48-45C2-AF5B-FBD5ECF536ED}) (Version: 5.1.636 - O&O Software GmbH)
O&O UnErase (HKLM\...\{37F6190F-8A86-4B19-86A3-5A59BEA62823}) (Version: 6.0.1899 - O&O Software GmbH)
OMSI - Der Omnibussimulator (HKLM\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.06 - aerosoft)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenVPN 2.3.4-I603  (HKLM\...\OpenVPN) (Version: 2.3.4-I603 - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{26B8608D-6C29-4171-9751-67621C834AA3}) (Version: 4.3.26 - Oracle Corporation)
Orcs Must Die 2 - Language Addon (HKLM\...\Orcs Must Die 2_is1) (Version:  - )
Orcs Must Die! Unchained (HKLM\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
PA38 Tomahawk FSX/P3D (HKLM\...\PA38 Tomahawk FSX/P3D) (Version: 1.00.00.00 - ALABEO)
PAC-MAN Championship Edition DX+ Demo (HKLM\...\Steam App 247260) (Version:  - Mine Loader Software Co., Ltd.)
Painkiller Hell and Damnation (HKLM\...\Painkiller Hell and Damnation_is1) (Version:  - )
Paragon ExtFS for Windows (HKLM\...\ParagonExtFS) (Version:  - )
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pazera Free Audio Extractor 1.4 (HKLM\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 1.4 - Pazera Jacek)
PC Tune-Up (Version: 2.2.0.1 - ZoneAlarm) Hidden
PCMark 7 (HKLM\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Pluto Client (HKLM\...\{F8584160-CC6E-11d5-954F-5254AB1A4DB7}) (Version:  - )
Portal 2 Version 1.0 u23 (HKLM\...\Portal 2_is1) (Version: 1.0 u23 - Valve)
Portrait Professional Studio 9.8 (HKLM\...\PortraitProfessionalStudio9_is1) (Version: 9.8 - Anthropics Technology Ltd.)
Pro Evolution Soccer 2014 - World Challenge (HKLM\...\Pro Evolution Soccer 2014 - World Challenge_is1) (Version:  - )
Pro Evolution Soccer 2015 Demo (HKLM\...\Steam App 321280) (Version:  - KONAMI Digital Entertainment)
Prototype 2 (HKLM\...\Prototype 2_is1) (Version:  - )
Prototype(TM) (HKLM\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
Prototype(TM) (Version: 1.0 - Activision) Hidden
Puppet Show 5 - Ungewisses Schicksal Sammleredition (HKLM\...\Puppet Show 5 - Ungewisses Schicksal Sammleredition 1.0) (Version: 1.0 - Dok)
Quake (HKLM\...\Quake_is1) (Version:  - )
Quake 4 1.4.2 (HKLM\...\Quake 4 1.4.2) (Version:  - )
Quake III Arena (HKLM\...\Quake III Arena) (Version:  - )
Quest for Infamy  (HKLM\...\Quest for Infamy) (Version:  - Infamous Quests)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rage Complete Edition MULTi-9 1.3 (HKLM\...\Rage Complete Edition MULTi-9 1.3) (Version:  - )
Railworks 3 Train Simulator 2012 Deluxe (HKLM\...\Railworks 3 Train Simulator 2012 Deluxe_is1) (Version:  - )
RamDisk Plus 11.6 (HKLM\...\{D96E4F17-2635-4CBD-9308-F99228929C41}) (Version: 11.6.795 - SuperSpeed LLC)
Rapture3D 2.4.8 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Ravensburger Puzzle 2 (HKLM\...\Ravensburger Puzzle 2) (Version: 1.0 - Ravensburger Digital)
Rayman 2 - The Great Escape (HKLM\...\GOGPACKRAYMAN2_is1) (Version: 2.0.0.38 - GOG.com)
Rayman Forever (HKLM\...\GOGPACKRAYMANFOREVER_is1) (Version: 2.0.0.15 - GOG.com)
Rayman Legends Demo (HKLM\...\Steam App 243340) (Version:  - )
Razer Imperator (HKLM\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Synapse (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24565 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK Inc..)
REAPER (HKLM\...\REAPER) (Version:  - )
Recovery Toolbox for CD Free 2.1 (HKLM\...\Recovery Toolbox for CD Free_is1) (Version:  - Recovery Toolbox, Inc.)
Redneck Rampage Collection (HKLM\...\Redneck Rampage Collection_is1) (Version:  - GOG.com)
Renegade X Black Dawn (HKLM\...\UDK-5848cd63-de6d-4847-9e8d-6abc3bcd6aef) (Version:  - Epic Games, Inc.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 Benchmark (HKLM\...\{0343CD8E-625A-47FF-BC7E-92BCDF2E5929}) (Version: 1.00.0000 - CAPCOM CO., LTD.)
Resident Evil 6 version 1 (HKLM\...\UmVzaWRlbnQgRXZpbCA2_is1) (Version: 1 - )
Resident Evil Revelations (HKLM\...\Resident Evil Revelations_is1) (Version:  - Capcom)
Resident Evil: Operation Raccoon City (HKLM\...\{43430FA1-12BB-4D88-862E-4F1000008400}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
RetroShare (HKLM\...\RetroShare) (Version:  - )
REX 4 - Texture Direct (HKLM\...\{CACCC25C-70B5-4FD1-AF01-10D11B87DED8}) (Version: 4.0.2013.1215 - REX Game Studios, LLC.)
rFactor Demo (HKLM\...\Steam App 353320) (Version:  - Image Space Incorporated)
Rise of the Triad (HKLM\...\GOGPACKROTT2013_is1) (Version: 2.1.0.6 - GOG.com)
RivaTuner Statistics Server 6.2.0 (HKLM\...\RTSS) (Version: 6.2.0 - Unwinder)
RMPrepUSB (HKLM\...\RMPrepUSB) (Version:  - )
RollerCoaster Tycoon 2 Triple Thrill Pack (German) (HKLM\...\GOGPACKRCT2_is1) (Version: 2.0.0.6 - GOG.com)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
RollerCoaster Tycoon Deluxe (German) (HKLM\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] (HKLM\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.01 - bitComposer Games)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Saints Row The Third (HKLM\...\Saints Row The Third_is1) (Version:  - )
Sang-Froid - Tales of Werewolves Demo (HKLM\...\Steam App 261240) (Version:  - Artifice Studio)
SCANIA Truck Driving Simulator 1.0.0 (HKLM\...\SCANIA Truck Driving Simulator) (Version: 1.0.0 - SCS Software)
Schlag den Raab - Das 3. Spiel (HKLM\...\SDR3) (Version: 1.0 - Sproing Interactive GmbH)
Schlagwortsuche 1.14 (HKLM\...\Schlagwortsuche_is1) (Version:  - Joachim Koopmann Software)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SILENT HILL 4 (HKLM\...\{00BD992A-D4C7-447D-8AA1-60B5759EA30D}) (Version: 1.00.000 - )
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Singularity(TM) (HKLM\...\InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}) (Version: 1.00.0000 - Activision)
SiSoftware Sandra Lite 2014.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.28.2014.5 - SiSoftware)
SMAC 2.7 (HKLM\...\SMAC 2.7) (Version:  - )
Sniper - Ghost Warrior (HKLM\...\Sniper - Ghost Warrior_is1) (Version:  - )
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version:  - Rebellion)
Sniper: Ghost Warrior - Map Pack (HKLM\...\Sniper - Ghost Warrior - Map Pack/EN-English_is1) (Version:  - City Interactive)
SniperEliteV2 Benchmark 1.05 (HKLM\...\{2BA01EC9-E9F3-453C-AF5B-51E87FD4A0F1}) (Version: 1.05.0000 - Rebellion)
Software Director (HKLM\...\Cloanto Software Director) (Version: 3.8.8.0 - Cloanto Corporation)
Sonic the Hedgehog 4 - Episode II (c) SEGA version 1 (HKLM\...\Sonic the Hedgehog 4 - Episode II (c) SEGA_is1) (Version: 1 - )
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spintires (HKLM\...\Spintires_is1) (Version:  - )
Splinter Cell: Blacklist (HKLM\...\{28B718F4-73E8-4541-909C-0BA05F7402C2}_is1) (Version: 1.01 - Ubisoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.80 - Crawler.com)
SRWare Iron Version SRWare Iron 41.2200.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 41.2200.0 - SRWare)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound with Update 9.5 (HKLM\...\Starbound with Update 9.5) (Version: with Update 9.5 - by Unterbilker)
Starcraft (HKLM\...\Starcraft) (Version:  - )
StarCraft™ II Wings of Liberty (HKLM\...\{7586F650-5D7F-471a-941E-FEF33E580524}_is1) (Version: 1.3.6 - QfG)
StarWind V2V Image Converter V5.6 (build 2011-05-10) (HKLM\...\StarWind Converter_is1) (Version:  - StarWind Software)
StaudSoft's Synthetic World Demo (HKLM\...\Steam App 344920) (Version:  - StaudSoft)
Stone Giant 1.0 (HKLM\...\{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1) (Version:  - BitSquid & Fatshark)
Streamripper (Remove only) (HKLM\...\Streamripper) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM\...\Syndicate_is1) (Version:  - )
System Shock2 Demo (HKLM\...\SShockDeinstallKey) (Version:  - )
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
Technitium MAC Address Changer v6.0.5 (HKLM\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Teenagent (HKLM\...\GOGPACKTEENAGENT_is1) (Version: 2.0.0.12 - GOG.com)
Telefonbuch für Deutschland (HKLM\...\Telefonbuch für Deutschland) (Version:  - )
Test Drive Unlimited 2 (HKLM\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
Test Drive: Ferrari Racing Legends (HKLM\...\Test Drive: Ferrari Racing Legends_is1) (Version:  - )
The Dude (HKLM\...\Dude) (Version:  - )
The LEGO Movie - Videogame (HKLM\...\The LEGO Movie - Videogame_is1) (Version:  - Warner Bros. Interactive Entertainment)
The Lost Watch II NV 3D Screensaver 1.0 (HKLM\...\The Lost Watch II NV 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
The Night of the Rabbit Demo (HKLM\...\Steam App 241890) (Version:  - Daedalic Entertainment)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
Theme Hospital (HKLM\...\Theme Hospital_is1) (Version:  - GOG.com)
Tom Clancy's Rainbow Six Vegas 2 (HKLM\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft)
Tor (remove only) (HKLM\...\Tor) (Version:  - )
Tormentum - Dark Sorrow Demo (HKLM\...\Steam App 347680) (Version:  - OhNoo Studio)
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trials Evolution Gold Edition (HKLM\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.1 - Ubisoft)
Trials Evolution Gold Edition (Version: 1.0.0.1 - Ubisoft) Hidden
Tribler (HKLM\...\Tribler) (Version: 6.4.3 - The Tribler Team)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
Unigine Valley Benchmark version 1.0 (HKLM\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Unreal Gold (HKLM\...\Unreal Gold_is1) (Version:  - GOG.com)
Unreal Tournament  – Game of the Year Edition (HKLM\...\Unreal Tournament  – Game of the Year Edition_is1) (Version:  - GOG.com)
Unreal Tournament 2003 (HKLM\...\UT2003) (Version:  - )
Unreal Tournament 2004 (HKLM\...\Unreal Tournament 2004_is1) (Version:  - GOG.com)
Unreal Tournament 3 Black Edition (HKLM\...\Unreal Tournament 3 Black Edition_is1) (Version:  - )
Uplay (HKLM\...\Uplay) (Version: 4.9 - Ubisoft)
Uplink (HKLM\...\Uplink_is1) (Version:  - GOG.com)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual CD v10 (HKLM\...\{10C51313-A308-4B40-90E3-B368D5882660}) (Version: 10.10.14 - H+H Software GmbH)
Vistumbler (HKLM\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Basic 5.0 (HKLM\...\ST5UNST #1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMware Workstation (HKLM\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VPNTunnel 2.0.1.0 (HKLM\...\VPNTunnel) (Version: 2.0.1.0 - )
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
War Thunder Launcher 1.0.1.322 (HKLM\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WaveLab 6 (HKLM\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.8.8.8.MultiLanguage - COOLWAREMAX)
Western Railway NV 3D Screensaver 2.0 (HKLM\...\Western Railway NV 3D Screensaver_is1) (Version: 2.0 - 3Planesoft)
Westwood Chat (HKLM\...\Westwood Chat_is1) (Version:  - )
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Wing Commander III (HKLM\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
Wings 3D 1.5.2 (HKLM\...\Wings 3D 1.5.2) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinPlay3 (HKLM\...\WinPlay3) (Version:  - )
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.1 (HKLM\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
Wireshark 1.12.3 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)
Wolfenstein 1.11(CREATED BY XEONKING©) (HKLM\...\Wolfenstein 1.11_is1) (Version:  - )
World Racing (HKLM\...\InstallShield_{B151F020-1DEE-4716-944F-2759FC3C51DA}) (Version: 1.01.01 - SYNETIC)
World Racing (Version: 1.01.01 - SYNETIC) Hidden
Worms Armageddon (HKLM\...\Worms Armageddon) (Version:  - )
Worms Reloaded (HKLM\...\Worms Reloaded_is1) (Version:  - )
Wuala (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Wuala) (Version: 1.0.444.0 - LaCie)
x86crt (HKLM\...\{50CBA9D7-4A12-44CA-8E75-9FD7374FBD12}) (Version: 1.0.0 - Microsoft)
XEOX Gamepad SL-6556-BK (HKLM\...\{5E7F3FD4-503B-4451-B2EB-AC8C82DBA32F}) (Version: 1.00.0000 - )
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
yEd Graph Editor 3.13 (HKLM\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)
You Don't Know Jack 4 1.00 (HKLM\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive)
Your Freedom 20140128-01 (HKLM\...\Your_Deploy_0) (Version:  - )
Ys Origin English Edition v1.1 - Uninstallation (HKLM\...\Ys Origin English Edition v1.1 - Uninstallation) (Version:  - )
Zak McKracken - Between Time and Space (HKLM\...\Zak McKracken - Between Time and Space) (Version:  - )
Zattoo Live TV (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zip Motion Block Video codec (Remove Only) (HKLM\...\ZMBV) (Version:  - DOSBox Team)
ZoneAlarm Antivirus (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM\...\ZoneAlarm Extreme Security) (Version: 13.2.015.000 - Check Point)
ZoneAlarm Find My Laptop (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{2BFFE1F1-509C-5018-A65D-701A661E27A7}\InprocServer32 -> C:\Users\Friedrich\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll (JPL/NASA-Caltech)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-03-2015 21:09:31 Entfernt Realtek High Definition Audio Driver
18-03-2015 21:14:53 Installiert Realtek High Definition Audio Driver
18-03-2015 21:25:07 Installed Oracle VM VirtualBox 4.3.26
19-03-2015 00:23:03 Entfernt Tt eSPORTS Challenger Ultimate
20-03-2015 18:08:00 Removed Apple Application Support
21-03-2015 18:05:52 Removed Apple Software Update
21-03-2015 19:27:15 Camtasia Studio 8 wird entfernt
22-03-2015 18:37:18 Windows Update
22-03-2015 18:57:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-03-19 11:38 - 2015-03-23 05:07 - 00524794 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {77F35997-F6F3-4A1B-A6EF-DCB05DBF7FCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {8DBE0222-73D8-4AC7-BCD5-659CD14297A0} - System32\Tasks\{BF9086B8-0A25-4AB1-8F13-BBB7BC85052F} => pcalua.exe -a C:\Users\Friedrich\Desktop\setup.exe -d C:\Users\Friedrich\Desktop
Task: {F0EBA85F-D539-4520-B198-A26C60FF4DED} - System32\Tasks\{2B4B59FD-A0E1-438D-8B62-9502AF180507} => pcalua.exe -a "E:\Programme\Outlook Express\setup50.exe" -d "E:\Programme\Outlook Express"
Task: {F3596DCE-98A3-45AC-B9EC-3B5823977BDB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2014-08-25 12:15 - 2014-08-25 12:15 - 00022736 _____ () C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files\VMware\VMware Workstation\libxml2.dll
2014-01-11 03:10 - 2015-02-05 19:27 - 00108864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-02-04 01:56 - 2008-04-19 16:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2014-03-16 05:52 - 2008-08-18 16:08 - 00050688 _____ () C:\Program Files\Virtual CD v10\System\ogg.dll
2014-03-16 05:52 - 2008-08-18 16:11 - 01237504 _____ () C:\Program Files\Virtual CD v10\System\vorbis.dll
2015-02-05 10:20 - 2015-02-05 10:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:06A7F9ED
AlternateDataStreams: C:\ProgramData\TEMP:8FCD8443
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
AlternateDataStreams: C:\ProgramData\TEMP:DA5888A7
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3642466463-2128021046-2334674927-500 - Administrator - Disabled)
Gast (S-1-5-21-3642466463-2128021046-2334674927-501 - Limited - Disabled)
Friedrich (S-1-5-21-3642466463-2128021046-2334674927-1002 - Administrator - Enabled) => C:\Users\Friedrich

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 03:38:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RzSynapse.exe, Version: 1.18.19.24565, Zeitstempel: 0x54f18610
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xRzSynapse.exe0
Pfad der fehlerhaften Anwendung: RzSynapse.exe1
Pfad des fehlerhaften Moduls: RzSynapse.exe2
Berichtskennung: RzSynapse.exe3

Error: (03/23/2015 03:38:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: RzSynapse.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei Razer.Emily.UI.AppEntryPoint.Main(System.String[])

Error: (03/23/2015 03:38:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_seclogon, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x5b0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_seclogon0
Pfad der fehlerhaften Anwendung: svchost.exe_seclogon1
Pfad des fehlerhaften Moduls: svchost.exe_seclogon2
Berichtskennung: svchost.exe_seclogon3

Error: (03/23/2015 03:38:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_NlaSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: nlasvc.dll, Version: 6.1.7601.18685, Zeitstempel: 0x54827c5e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007cd8
ID des fehlerhaften Prozesses: 0x688
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_NlaSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_NlaSvc1
Pfad des fehlerhaften Moduls: svchost.exe_NlaSvc2
Berichtskennung: svchost.exe_NlaSvc3

Error: (03/23/2015 03:38:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: EMET_Agent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei HelperProcess.Program.Main(System.String[])

Error: (03/23/2015 03:38:08 AM) (Source: WinMgmt) (EventID: 29) (User: )
Description: 0x80041014

Error: (03/23/2015 03:00:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel: 0x48a543e2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0dce68b8
ID des fehlerhaften Prozesses: 0x5d0
Startzeit der fehlerhaften Anwendung: 0xfsbl.exe0
Pfad der fehlerhaften Anwendung: fsbl.exe1
Pfad des fehlerhaften Moduls: fsbl.exe2
Berichtskennung: fsbl.exe3

Error: (03/23/2015 02:59:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel: 0x48a543e2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0dce68b8
ID des fehlerhaften Prozesses: 0xd50
Startzeit der fehlerhaften Anwendung: 0xfsbl.exe0
Pfad der fehlerhaften Anwendung: fsbl.exe1
Pfad des fehlerhaften Moduls: fsbl.exe2
Berichtskennung: fsbl.exe3


System errors:
=============
Error: (03/23/2015 05:28:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Trend Micro RUBotted Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/23/2015 05:09:11 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (03/23/2015 05:09:10 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (03/23/2015 05:09:10 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (03/23/2015 05:09:09 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (03/23/2015 04:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/23/2015 04:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/23/2015 04:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/23/2015 04:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/23/2015 04:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (03/23/2015 03:38:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RzSynapse.exe1.18.19.2456554f18610KERNELBASE.dll6.1.7601.18409531599f6e04343520000812fdf001d06512786e2714C:\Program Files\Razer\Synapse\RzSynapse.exeC:\Windows\system32\KERNELBASE.dllbf9dd1ad-d105-11e4-81fc-005056c00008

Error: (03/23/2015 03:38:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: RzSynapse.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei Razer.Emily.UI.AppEntryPoint.Main(System.String[])

Error: (03/23/2015 03:38:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_seclogon6.1.7600.163854a5bc100ntdll.dll6.1.7601.18247521ea91cc00000050003224d5b001d06512501a7710C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlla9e0806c-d105-11e4-81fc-005056c00008

Error: (03/23/2015 03:38:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_NlaSvc6.1.7600.163854a5bc100nlasvc.dll6.1.7601.1868554827c5ec000000500007cd868801d0651251ce12e2C:\Windows\system32\svchost.exec:\windows\system32\nlasvc.dlla8555bff-d105-11e4-81fc-005056c00008

Error: (03/23/2015 03:38:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: EMET_Agent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei HelperProcess.Program.Main(System.String[])

Error: (03/23/2015 03:38:08 AM) (Source: WinMgmt) (EventID: 29) (User: )
Description: 0x80041014

Error: (03/23/2015 03:00:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsbl.exe2.2.1092.048a543e2unknown0.0.0.000000000c00000050dce68b85d001d0650d0d55d59dC:\Users\Friedrich\Desktop\fsbl.exeunknown5503a924-d100-11e4-a045-005056c00008

Error: (03/23/2015 02:59:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fsbl.exe2.2.1092.048a543e2unknown0.0.0.000000000c00000050dce68b8d5001d0650cf995ead7C:\Users\Friedrich\Desktop\fsbl.exeunknown3b46c82d-d100-11e4-a045-005056c00008


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3293.82 MB
Available physical RAM: 2041.08 MB
Total Pagefile: 3342.12 MB
Available Pagefile: 2234.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.98 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:2048 GB) (Free:81.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Medien Datenträger) (Fixed) (Total:1863.01 GB) (Free:332.27 GB) NTFS
Drive f: (Backup Datenträger RED 3TB) (Fixed) (Total:2048 GB) (Free:327.4 GB) NTFS
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (64bitGaming) (Fixed) (Total:1862.92 GB) (Free:1537.26 GB) NTFS
Drive x: (RamDisk) (Fixed) (Total:3.89 GB) (Free:3.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 379CF46E)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 02962212)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0FD998DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 03AA03A9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 3.9 GB) (Disk ID: BCB028AD)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________
Where do you want to go today?

Alt 23.03.2015, 15:51   #5
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.03.2015, 20:57   #6
Friedrich_
 

re3



Ran Combofix as instructed. There were no problems during execution.
svchost is still visiting click-hoster sites (at intervals of about 1 minute, sometimes longer, sometimes shorter).

Combofix log:
Code:
ComboFix 15-03-23.01 - Friedrich 23.03.2015  19:55:21.2.8 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3294.2308 [GMT 1:00]
ausgeführt von:: c:\users\Friedrich\Desktop\Combo-Fix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-23 bis 2015-03-23  ))))))))))))))))))))))))))))))
.
.
2015-03-23 19:08 . 2015-03-23 19:08	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2015-03-23 19:08 . 2015-03-23 19:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-23 08:32 . 2015-03-23 08:33	--------	d-----w-	c:\program files\MiniTool Partition Wizard Free 9.0
2015-03-23 07:20 . 2015-03-23 07:20	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2015-03-23 05:22 . 2015-03-23 05:22	238288	----a-w-	c:\windows\system32\mfevtps.exe
2015-03-23 05:22 . 2015-03-23 05:22	91840	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2015-03-23 05:22 . 2015-03-23 05:22	648552	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2015-03-23 02:07 . 2015-03-23 04:29	--------	d-----w-	C:\FRST
2015-03-22 23:40 . 2015-03-22 23:40	--------	d---a-w-	c:\windows\VDLL.DLL
2015-03-22 23:40 . 2015-03-22 23:40	--------	d---a-w-	c:\windows\system32\runouce.exe
2015-03-22 23:40 . 2015-03-22 23:40	--------	d---a-w-	c:\windows\RUNDL132.EXE
2015-03-22 23:40 . 2015-03-22 23:40	--------	d---a-w-	c:\windows\logo_1.exe
2015-03-22 23:29 . 2015-03-22 23:29	34048	----a-w-	c:\windows\system32\eEmpty.exe
2015-03-22 23:29 . 2015-03-22 23:29	--------	d-----w-	c:\program files\Common Files\MicroWorld
2015-03-22 23:29 . 2015-03-22 23:29	--------	d-----w-	c:\programdata\MicroWorld
2015-03-22 19:37 . 2015-03-22 19:37	--------	d-----w-	c:\programdata\Trend Micro
2015-03-20 22:13 . 2015-03-20 22:13	--------	d-----w-	c:\program files\Trend Micro
2015-03-20 21:57 . 2015-03-20 21:57	--------	d-----w-	c:\program files\Emsisoft HiJackFree
2015-03-20 19:08 . 2015-03-23 03:16	--------	d-----w-	c:\users\Friedrich\AppData\Local\ElevatedDiagnostics
2015-03-20 18:07 . 2015-03-20 18:11	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-03-18 20:39 . 2010-04-07 01:29	81920	----a-w-	c:\windows\system32\GkSui20.EXE
2015-03-18 20:26 . 2015-03-16 17:44	749664	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2015-03-18 20:25 . 2015-03-16 17:42	104384	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2015-03-18 20:25 . 2015-03-18 20:25	--------	d-----w-	c:\program files\Oracle
2015-03-18 20:17 . 2015-03-18 20:17	--------	d-----w-	c:\windows\system32\RTCOM
2015-03-18 20:15 . 2013-10-11 04:47	92584	----a-w-	c:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-18 20:15 . 2012-03-08 03:47	95840	----a-w-	c:\windows\system32\AERTARen.dll
2015-03-18 20:15 . 2014-06-06 16:00	519368	----a-w-	c:\windows\system32\AERTACap.dll
2015-03-16 17:42 . 2015-03-16 17:42	115672	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2015-03-12 14:27 . 2015-03-23 18:50	--------	d-----w-	c:\users\Friedrich\AppData\Roaming\Everything
2015-03-11 19:41 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\system32\msi.dll
2015-03-11 19:41 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2015-03-11 19:41 . 2014-10-03 01:45	248832	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2015-03-11 19:41 . 2014-10-03 01:45	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2015-03-11 19:41 . 2014-10-03 01:45	145920	----a-w-	c:\windows\system32\WsmAuto.dll
2015-03-11 19:41 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\system32\WsmSvc.dll
2015-03-11 19:41 . 2014-10-03 01:44	198656	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2015-03-11 19:01 . 2015-01-17 02:30	828928	----a-w-	c:\windows\system32\msctf.dll
2015-03-11 19:01 . 2015-02-03 03:12	1230848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-11 19:01 . 2015-02-03 03:12	171520	----a-w-	c:\windows\system32\ubpm.dll
2015-03-11 19:01 . 2015-02-26 03:11	2381312	----a-w-	c:\windows\system32\win32k.sys
2015-03-11 19:01 . 2015-02-04 02:54	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-11 19:01 . 2015-02-20 04:13	26624	----a-w-	c:\windows\system32\lpk.dll
2015-03-11 19:01 . 2015-02-20 04:13	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-03-11 19:01 . 2015-02-20 04:13	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-03-11 19:01 . 2015-02-20 04:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-03-11 19:01 . 2015-02-20 03:09	299008	----a-w-	c:\windows\system32\atmfd.dll
2015-03-11 19:00 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-03-11 16:12 . 2007-08-13 13:51	446464	----a-w-	c:\windows\system32\wmvdmoe.dll
2015-03-11 16:12 . 2015-03-11 16:27	--------	d-----w-	c:\program files\Active WebCam
2015-03-11 15:57 . 2015-03-11 16:03	--------	d-----w-	c:\users\Friedrich\AppData\Roaming\WebcamZoneTrigger
2015-03-11 11:19 . 2015-03-11 11:19	--------	d-----w-	c:\windows\system32\DCS
2015-03-08 01:02 . 2015-03-08 01:02	--------	d-----w-	c:\program files\LEGO Batman 3 - Beyond Gotham
2015-03-06 04:12 . 2015-03-06 04:12	--------	d-----w-	c:\users\Friedrich\AppData\Local\Apple Computer
2015-03-06 04:11 . 2015-03-06 04:11	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-03-06 04:11 . 2015-03-06 04:11	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-03-06 04:11 . 2015-03-06 04:11	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-03-06 04:11 . 2015-03-06 04:11	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-03-06 04:11 . 2015-03-06 04:11	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-03-06 04:10 . 2015-03-06 04:12	--------	d-----w-	c:\programdata\Apple Computer
2015-03-06 03:28 . 2015-03-06 03:28	--------	d-----w-	c:\program files\Common Files\Java
2015-03-05 20:53 . 2015-03-05 20:53	--------	d-----w-	c:\users\Friedrich\AppData\Local\Stardock
2015-03-05 06:50 . 2015-03-05 06:50	--------	d-----w-	c:\users\Friedrich\AppData\Roaming\com.ohnoo.TormentumDemo
2015-03-05 06:31 . 2015-03-05 06:31	--------	d-----w-	c:\users\Friedrich\AppData\Local\SpriteLampWinforms
2015-03-05 05:58 . 2015-03-05 06:03	--------	d-----w-	c:\program files\TClock
2015-03-05 05:04 . 2015-03-05 05:04	--------	d-----w-	C:\Windows Anmeldesounds +Icons AlleSys Bildschirmschoner
2015-03-05 04:49 . 2015-03-05 04:49	--------	d-----w-	c:\programdata\Stardock
2015-03-05 04:48 . 2015-03-05 04:48	--------	dc-h--w-	c:\programdata\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}
2015-03-05 04:48 . 2015-03-05 04:48	--------	d-----w-	c:\program files\Stardock
2015-03-05 04:47 . 2015-03-05 04:47	--------	d-----w-	c:\users\Friedrich\AppData\Local\PackageAware
2015-03-05 04:28 . 2015-03-05 04:28	--------	d-----w-	c:\program files\MPU
2015-03-05 04:20 . 2015-03-05 04:20	--------	d-----w-	c:\users\Friedrich\AppData\Roaming\Lern-o-Mat
2015-03-05 04:14 . 2015-03-05 04:14	--------	d-----w-	c:\program files\DVDlabPro2
2015-03-05 04:13 . 2015-03-05 04:13	--------	d-----w-	c:\program files\Doc Scrubber
2015-03-05 04:12 . 2015-03-05 04:12	--------	d-----w-	c:\users\Friedrich\AppData\Roaming\jStrip
2015-03-05 04:12 . 2015-03-05 04:12	--------	d-----w-	c:\program files\jStrip
2015-03-05 04:12 . 1999-10-30 01:00	167936	----a-w-	c:\windows\system32\ccrpftv6.ocx
2015-03-04 05:03 . 2015-03-12 11:34	--------	d-----w-	c:\users\Friedrich\.mediathek3
2015-03-04 05:03 . 2015-03-04 05:03	--------	d-----w-	c:\program files\Mediathekview
2015-03-03 18:32 . 2015-03-03 18:32	--------	d-----w-	c:\program files\K-Lite Codec Pack
2015-03-02 06:04 . 2015-03-23 15:41	--------	d-----w-	c:\program files\Bandicam
2015-03-02 06:04 . 2015-03-02 06:04	--------	d-----w-	c:\program files\BandiMPEG1
2015-02-28 17:06 . 2015-02-05 17:51	621384	----a-w-	c:\windows\system32\nvStreaming.exe
2015-02-27 15:04 . 2015-02-27 18:00	--------	d-----w-	c:\program files\EMET 5.1
2015-02-26 17:36 . 2015-02-26 17:36	--------	d-----w-	c:\program files\Cain
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 05:01 . 2014-11-15 19:35	107224	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-23 05:00 . 2014-03-23 14:42	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-12 15:44 . 2013-01-29 21:44	778928	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-12 15:44 . 2013-01-29 21:44	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-06 03:25 . 2014-01-15 05:51	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-17 14:26 . 2015-02-17 14:26	1217184	----a-w-	c:\windows\system32\FM20.DLL
2015-02-12 07:55 . 2015-02-12 07:55	9728	----a-w-	c:\windows\system32\RzStats.IPC.dll
2015-02-05 20:48 . 2014-06-25 13:21	14119744	----a-w-	c:\windows\system32\nvd3dum.dll
2015-02-05 20:48 . 2014-04-07 23:21	2902784	----a-w-	c:\windows\system32\nvapi.dll
2015-02-05 20:48 . 2014-01-11 02:10	60560	----a-w-	c:\windows\system32\OpenCL.dll
2015-02-05 20:48 . 2014-01-11 02:09	908608	----a-w-	c:\windows\system32\nvhdagenco3220103.dll
2015-02-05 18:27 . 2014-01-11 02:10	4404552	----a-w-	c:\windows\system32\nvcpl.dll
2015-02-05 18:27 . 2014-01-11 02:10	3058320	----a-w-	c:\windows\system32\nvsvc.dll
2015-02-05 18:27 . 2014-01-11 02:10	670536	----a-w-	c:\windows\system32\nvvsvc.exe
2015-02-05 18:27 . 2014-01-11 02:10	2554000	----a-w-	c:\windows\system32\nvsvcr.dll
2015-02-05 18:27 . 2014-01-11 02:10	61768	----a-w-	c:\windows\system32\nvshext.dll
2015-02-05 18:27 . 2014-01-11 02:10	375112	----a-w-	c:\windows\system32\nvmctray.dll
2015-02-05 00:24 . 2014-12-14 02:10	20416	----a-w-	c:\windows\system32\drivers\rzpmgrk.sys
2015-02-04 00:30 . 2015-02-04 00:30	225	----a-w-	c:\users\Friedrich\IP_Log_Data.js
2015-01-14 10:27 . 2014-09-12 19:21	2894848	----a-w-	c:\windows\system32\pwNative.exe
2014-12-30 09:35 . 2014-12-30 09:35	151336	----a-w-	c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28	990720	----a-w-	c:\windows\system32\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28	78848	----a-w-	c:\windows\system32\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28	155136	----a-w-	c:\windows\system32\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28	117248	----a-w-	c:\windows\system32\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28	419840	----a-w-	c:\windows\system32\rzaudiodll.dll
2013-07-08 16:34 . 2013-10-28 20:15	2699264	----a-w-	c:\program files\wPrime.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMS-Kalenderchen"="c:\program files\Kalenderchen\Kalenderchen.exe" [2010-05-18 3498496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VC10Player"="c:\program files\Virtual CD v10\System\VC10Play.exe" [2011-10-19 411976]
"USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"ISW"="c:\program files\CheckPoint\AKL\AkSA.exe" [2014-05-14 638584]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2015-02-28 590144]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
c:\users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
allSnap.lnk - c:\program files\allSnap\allSnap.exe [2013-1-30 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2012-11-22 283600]
R2 nlndis;NetLimiter 3 NDIS driver;c:\program files\NetLimiter Ndis Miniport Service\nlndis.exe [2011-10-05 32768]
R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2014-06-12 14407384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\SystemInfo\FMSISvc.exe [2015-02-09 614624]
R3 GKBFltr;Gaming Keyboard;c:\windows\system32\Drivers\GameKB.sys [2009-12-29 19328]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2010-03-10 13952]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 icsak;icsak;c:\program files\CheckPoint\AKL\ak\icsak.sys [2014-05-14 39296]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 IswSvc;ZoneAlarm AntiKeylogger IswSvc;c:\program files\CheckPoint\AKL\AkSVC.exe [2014-05-14 749176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2015-03-23 91840]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-03-04 1910640]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 13440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2013-03-11 5632]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-10 651848]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys [2012-12-19 5120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R4 EMET_Service;Microsoft EMET Service;c:\program files\EMET 5.1\EMET_Service.exe [2014-11-09 31880]
R4 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files\Razer\Razer Services\GSS\GameScannerService.exe [2015-02-05 187072]
R4 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2013-07-25 443416]
R4 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2013-01-14 587912]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-09-01 532536]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-09-01 25656]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2013-02-22 16880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-01-30 436792]
S0 SscRdBus;RamDisk bus enumerator;c:\windows\system32\DRIVERS\SscRdBus.sys [2014-11-22 88296]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\DRIVERS\SscRdCls.sys [2007-12-19 40984]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-04-30 25696]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-04-30 43608]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-04-30 144352]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 5281672]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys [2013-12-26 20616]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2015-03-16 749664]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2015-03-16 104384]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2011-04-19 186392]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/03/04 20:14];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 77296]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2014-08-25 105680]
S2 DokanMounter;DokanMounter;c:\program files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [2014-08-25 22736]
S2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;c:\program files\CheckPoint\AKL\ISWKL.sys [2014-05-14 42880]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2015-03-23 238288]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2013-01-07 2505160]
S2 ParagonLDM;ParagonLDM;c:\windows\system32\drivers\biont_bs.sys [2014-04-11 24512]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys [2015-02-05 20416]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys [2014-11-17 97088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2011-10-19 144712]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2014-02-27 722624]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2012-04-15 1068216]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-05-29 90936]
S2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;c:\program files\CheckPoint\AntiTheft\Antitheft.exe [2014-05-30 3128968]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-02-22 352752]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-02-22 796656]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt32.sys [2009-11-17 24664]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2014-12-17 35624]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2014-12-30 151336]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2015-03-16 115672]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Mit GetRight downloaden - c:\program files\GetRight\GRdownload.htm
IE: Mit Getright-Browser öffnen - c:\program files\GetRight\GRbrowse.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{540DE981-1465-410D-993D-5B1652998DCB}: NameServer = 192.168.44.44
FF - ProfilePath - c:\users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-KKND Krossfire - c:\windows\IsUn0407.exe
AddRemove-Worms Armageddon - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3642466463-2128021046-2334674927-1002\Software\SecuROM\License information*]
"datasecu"=hex:c7,15,75,53,3d,b3,5d,7f,9b,c6,f5,f3,2f,c2,16,a3,da,53,25,de,e3,
   99,91,51,ff,53,aa,05,db,39,b7,46,71,16,a9,07,e4,85,4f,1c,70,3b,b7,71,2f,ed,\
"rkeysecu"=hex:57,0c,82,4e,90,49,51,8c,16,37,44,be,9c,90,bb,17
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-23  20:12:05
ComboFix-quarantined-files.txt  2015-03-23 19:12
.
Vor Suchlauf: 33 Verzeichnis(se), 87.921.111.040 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 87.566.884.864 Bytes frei
.
- - End Of File - - 3CCC0EA501EA2F616C499AF40A4FF115
A36C5E4F47E84449FF07ED3517B43A31
         

Edited by Friedrich_ (23.03.2015 at 21:16)

Alt 24.03.2015, 10:34   #7
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 25.03.2015, 09:21   #8
Friedrich_
 
re4



Malwarebytes-LOG
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 25.03.2015 06:56:02, SYSTEM, DSLSERVICE, Manual, Malware Database, 2015.3.25.1, 2015.3.25.2, 
Update, 25.03.2015 06:56:11, SYSTEM, DSLSERVICE, Manual, Failed, Unable to access update server, 
Scan, 25.03.2015 07:25:35, SYSTEM, DSLSERVICE, Manual, Start: % 1 "% 2", Dauer: % 1 min 29 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 

(end)
         
ADWCleaner-LOG
Items that were not deleted are FALSE POSITIVES! They belong to my repertoire of programs and settings.
Code:
# AdwCleaner v4.113 - Bericht erstellt 25/03/2015 um 07:37:05
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-23.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Friedrich - DSLSERVICE
# Gestarted von : C:\Users\Friedrich\Desktop\Sicherheitsprogramme\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : sp_rsdrv2

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\Uninstaller
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\PackageAware
[x] Nicht Gelöscht : C:\Windows\system32\drivers\sp_rsdrv2.sys

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****

[x] Nicht Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 14 Suite\Uninstall Paragon Hard Disk Manager™.lnk
[x] Nicht Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force 2\Uninstall.lnk
[x] Nicht Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force\Uninstall.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKLM\SOFTWARE\Headlight
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\allSnap_is1
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sonic the Hedgehog 4 - Episode II (c) SEGA_is1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 de)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2696 Bytes] - [05/07/2014 01:32:15]
AdwCleaner[R10].txt - [2972 Bytes] - [19/03/2015 05:08:27]
AdwCleaner[R11].txt - [3033 Bytes] - [19/03/2015 08:52:58]
AdwCleaner[R12].txt - [2906 Bytes] - [22/03/2015 22:42:07]
AdwCleaner[R13].txt - [2748 Bytes] - [23/03/2015 03:01:35]
AdwCleaner[R14].txt - [2898 Bytes] - [25/03/2015 07:30:51]
AdwCleaner[R1].txt - [2108 Bytes] - [05/07/2014 01:44:43]
AdwCleaner[R2].txt - [2092 Bytes] - [05/07/2014 01:51:47]
AdwCleaner[R3].txt - [2152 Bytes] - [22/07/2014 16:45:56]
AdwCleaner[R4].txt - [2309 Bytes] - [27/08/2014 00:30:24]
AdwCleaner[R5].txt - [2646 Bytes] - [27/08/2014 15:45:37]
AdwCleaner[R6].txt - [2706 Bytes] - [27/08/2014 15:51:46]
AdwCleaner[R7].txt - [2858 Bytes] - [01/09/2014 18:35:30]
AdwCleaner[R8].txt - [2695 Bytes] - [20/12/2014 19:07:20]
AdwCleaner[R9].txt - [2912 Bytes] - [10/03/2015 19:00:19]
AdwCleaner[S0].txt - [2649 Bytes] - [05/07/2014 01:39:52]
AdwCleaner[S1].txt - [2061 Bytes] - [05/07/2014 01:48:59]
AdwCleaner[S2].txt - [2843 Bytes] - [19/03/2015 09:34:59]
AdwCleaner[S3].txt - [2996 Bytes] - [25/03/2015 07:37:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3055  Bytes] ##########
         
Junkware Removal Tool-LOG
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x86
Ran by Friedrich on 25.03.2015 at  7:50:49,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2015 at  7:53:27,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST-LOG

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Friedrich (administrator) on DSLSERVICE on 25-03-2015 07:57:30
Running from C:\Users\Friedrich\Desktop\Sicherheitsprogramme
Loaded Profiles: Friedrich (Available profiles: Friedrich)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(H+H Software GmbH) C:\Program Files\Virtual CD v10\System\VC10SecS.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(H+H Software GmbH) C:\Program Files\Virtual CD v10\System\VC10Play.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\AKL\AkSA.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(NirSoft) C:\Program Files\TcpLogView v1.12\TcpLogView.exe
(NirSoft) C:\Program Files\HTTPNetworkSniffer v1.35\HTTPNetworkSniffer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VC10Player] => C:\Program Files\Virtual CD v10\System\VC10Play.exe [411976 2011-10-19] (H+H Software GmbH)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\AKL\AkSA.exe [638584 2014-05-14] (Check Point Software Technologies LTD)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [590144 2015-02-28] (Razer Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\allSnap.lnk
ShortcutTarget: allSnap.lnk -> C:\Program Files\allSnap\allSnap.exe (Ivan Heckman)
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{540DE981-1465-410D-993D-5B1652998DCB}: [NameServer] 192.168.44.44

FireFox:
========
FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default
FF NewTab: 
FF Homepage: about:blank
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.no_proxies_on", "");
FF NetworkProxy: "user_pref("extensions.foxtor.network.proxy.share_proxy_settings", true);
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "www-proxy.t-online.de"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "pong", ""
FF NetworkProxy: "pong_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: eyes.nasa.gov/NASAEyes -> C:\Users\Friedrich\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll [2013-08-02] (JPL/NASA-Caltech)
FF Plugin HKU\S-1-5-21-3642466463-2128021046-2334674927-1002: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll [2013-03-18] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-03-06] (Apple Inc.)
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\a9.xml [2013-06-01]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\blekko-https.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\blekko.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\duckduckgo.xml [2012-07-03]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\expediadotcom.xml [2007-03-08]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\flickr-tags.xml [2013-07-08]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\geizhalseu.xml [2015-03-02]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\geo-ip-tool.xml [2014-10-04]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\gutscheinrauschde-suche.xml [2011-03-22]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\hollywoodcom.xml [2013-10-05]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\imdb.xml [2008-10-22]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\ixquick-ssl.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\lycos-europe.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\MSN.xml [2013-10-05]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\neckermannde.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\otto.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\qwantcom.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\spinde.xml [2009-03-16]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\t-online.xml [2007-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\weathercom.xml [2015-03-18]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\wolframalpha.xml [2014-03-06]
FF SearchPlugin: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\searchplugins\youtube-videosuche.xml [2015-03-19]
FF Extension: Cache Status - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\cache@status.org [2014-05-03]
FF Extension: Chromifox Basic - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\chromifox@altmusictv.com [2013-01-29]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\donottrackplus@abine.com [2014-11-22]
FF Extension: FoxyProxy Standard - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\foxyproxy@eric.h.jung [2015-03-22]
FF Extension: HTTPS-Everywhere - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\https-everywhere@eff.org [2015-01-23]
FF Extension: GutscheinRausch.de - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\jl@leimbach-it.de [2013-01-29]
FF Extension: rein - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\rein@notiz.jp [2013-04-30]
FF Extension: TinEye Reverse Image Search - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\tineye@ideeinc.com [2013-01-29]
FF Extension: Forecastfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-01-29]
FF Extension: Elementary - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{05e38d80-09c1-11dd-bd0b-0800200c9a66} [2013-01-29]
FF Extension: Vista-aero - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2013-01-29]
FF Extension: PONG! - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1368F36C-0370-419a-A408-28F94FD35974} [2013-01-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-01-29]
FF Extension: hmmXP - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{224d6e00-0336-11dd-95ff-0800200c9a66} [2013-01-29]
FF Extension: 8 Ultimo - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2013-01-29]
FF Extension: HostIP.info Geolocation Plugin - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{49eba0b5-0393-4e13-8cc4-06298a281c5d} [2013-01-29]
FF Extension: Aero Fox XL - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2013-01-29]
FF Extension: FT DeepDark - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-02-27]
FF Extension: W3v8 for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{7DA90D46-1B69-4cc5-9ACE-CB64D8D85B00} [2013-01-29]
FF Extension: iMacros for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-02-19]
FF Extension: Nightly Tester Tools - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2013-11-01]
FF Extension: Proto_Dust - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8a39fe10-f553-11dd-87af-0800200c9a66} [2013-01-29]
FF Extension: Live HTTP Headers - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-06-12]
FF Extension: Bamboo Feed Reader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2015-02-21]
FF Extension: Gnome - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{bdc06860-70c3-11dd-ad8b-0800200c9a66} [2013-01-29]
FF Extension: iPox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66} [2013-01-29]
FF Extension: User Agent Switcher - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2013-01-29]
FF Extension: PageZoom [de] - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{eeb299da-31d8-4683-aad4-9c9a045e0351} [2013-01-29]
FF Extension: CustomizeGoogle - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2013-01-29]
FF Extension: SEOpen - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5} [2013-01-29]
FF Extension: Classic Theme Restorer - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-16]
FF Extension: Classic Toolbar Buttons - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-06-19]
FF Extension: Firebug - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-29]
FF Extension: Ghostery - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\firefox@ghostery.com.xpi [2015-02-24]
FF Extension: Glaze Black - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\glaze_black@www.theme-oasis.org.xpi [2013-01-29]
FF Extension: ipFuck - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\ipfuck@p4ul.info.xpi [2014-03-07]
FF Extension: Lightbeam - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-01-29]
FF Extension: NASA Night Launch - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\nasanightlaunch@example.com.xpi [2013-01-29]
FF Extension: Netscape Navigator Nostalgia - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\Netscape@gideas.xpi [2013-01-29]
FF Extension: Niederschlagsradar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\niederschlagsradar@sensiva.net.xpi [2013-01-29]
FF Extension: Classic Compact Options - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2013-01-29]
FF Extension: RightBar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\rightbar@realmtech.net.xpi [2014-06-19]
FF Extension: Secret Agent - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\SecretAgent@Dephormation.org.uk.xpi [2014-03-12]
FF Extension: Secure Login - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\secureLogin@blueimp.net.xpi [2015-02-11]
FF Extension: MZ8 - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\someone@somewhere.xpi [2014-07-27]
FF Extension: Throbber Restored - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\Throbber-Restored@jetpack.xpi [2014-09-07]
FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-10]
FF Extension: Image Zoom - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Aeon Colors - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi [2013-01-29]
FF Extension: LittleFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2014-06-20]
FF Extension: Leet Key - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{3335F91D-2AEF-4097-B831-C96C60349822}.xpi [2013-01-29]
FF Extension: Organize Status Bar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}.xpi [2013-01-29]
FF Extension: Qute Classic - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2013-01-29]
FF Extension: STEAM - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{678156d0-0e01-11df-8a39-0800200c9a66}.xpi [2013-01-29]
FF Extension: Nautipolis for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi [2013-01-29]
FF Extension: NoScript - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-29]
FF Extension: ReloadEvery - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-01-29]
FF Extension: n2scape - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{962229ad-1a31-4d4f-ac5b-a86cbc38f6bb}.xpi [2013-01-29]
FF Extension: Tamper Data - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013-01-29]
FF Extension: Video DownloadHelper - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-06]
FF Extension: Sothink Flash Downloader for Firefox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2013-01-29]
FF Extension: Web Developer - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-01-29]
FF Extension: classiccompact - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2013-01-29]
FF Extension: FOXSCAPE - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2013-01-29]
FF Extension: DownThemAll! - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-29]
FF Extension: Torbutton - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-01-29]
FF Extension: HackBar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2013-10-05]
FF Extension: Mosaic-Fox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{f9bddc00-152b-11de-8c30-0800200c9a66}.xpi [2013-01-29]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\bmct2hvv.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2014-06-19]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de.xpi [2015-03-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 DokanMounter; C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [22736 2014-08-25] ()
S4 EMET_Service; C:\Program Files\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-02-09] (Futuremark)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IswSvc; C:\Program Files\CheckPoint\AKL\AkSVC.exe [749176 2014-05-14] (Check Point Software Technologies LTD)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-03-23] (McAfee, Inc.)
S2 nlndis; C:\Program Files\NetLimiter Ndis Miniport Service\nlndis.exe [32768 2011-10-05] (Locktime Software) [File not signed]
S3 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2013-02-20] (Locktime Software) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2505160 2013-01-07] (O&O Software GmbH)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Realtek87B; C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S3 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-01-14] (Crawler.com)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2011-10-19] (H+H Software GmbH)
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
S2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe [3128968 2014-05-30] (Check Point Software Technologies Ltd.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [105680 2014-08-25] (Windows (R) Win 7 DDK provider)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 GKBFltr; C:\Windows\System32\Drivers\GameKB.sys [19328 2009-12-29] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [13952 2010-03-10] (H+H Software GmbH) [File not signed]
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
S3 icsak; C:\Program Files\CheckPoint\AKL\ak\icsak.sys [39296 2014-05-14] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files\CheckPoint\AKL\ISWKL.sys [42880 2014-05-14] (Check Point Software Technologies LTD)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-04-30] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2014-04-30] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144352 2014-04-30] (Kaspersky Lab ZAO)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-03-23] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2015-03-23] (McAfee, Inc.)
R3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-04-20] (Cyberlink Corp.)
R2 ParagonLDM; C:\Windows\system32\drivers\biont_bs.sys [24512 2014-04-11] (Paragon Software GmbH)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2013-03-11] () [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-17] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2014-11-17] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2013-01-30] () [File not signed]
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [88296 2014-11-22] (SuperSpeed LLC) [File not signed]
R0 SscRdCls; C:\Windows\System32\DRIVERS\SscRdCls.sys [40984 2007-12-19] (SuperSpeed LLC)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-04-08] (The OpenVPN Project)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2013-12-26] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2013-12-26] ()
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [540168 2013-12-26] ()
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-22] (Paragon)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [186392 2011-04-19] (H+H Software GmbH)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
R2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-04-12] (CyberLink Corp.)
S3 catchme; \??\C:\Users\HAKENN~1\AppData\Local\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO)
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 09:32 - 2015-03-23 09:33 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-03-23 08:20 - 2015-03-23 08:20 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-23 06:22 - 2015-03-23 06:22 - 00648552 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-03-23 06:22 - 2015-03-23 06:22 - 00238288 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-03-23 06:22 - 2015-03-23 06:22 - 00091840 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-03-23 03:20 - 2015-03-25 07:46 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 03:07 - 2015-03-25 07:57 - 00000000 ____D () C:\FRST
2015-03-23 02:18 - 2015-03-23 09:37 - 00172576 _____ () C:\Users\Friedrich\Documents\pinfect.zip
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\system32\runouce.exe
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\logo_1.exe
2015-03-23 00:29 - 2015-03-23 09:36 - 00000054 _____ () C:\Windows\Lic.xxx
2015-03-23 00:29 - 2015-03-23 00:29 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\Program Files\Common Files\MicroWorld
2015-03-23 00:29 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\system32\Microsoft.VC80.CRT.manifest
2015-03-23 00:22 - 2015-03-25 06:58 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sammlung fürs Board
2015-03-22 20:37 - 2015-03-22 20:37 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-22 20:25 - 2015-03-22 20:28 - 00000353 _____ () C:\Users\Friedrich\Desktop\Office AUTOKMS sehr Wichtig.txt
2015-03-22 19:00 - 2015-03-22 19:00 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-22 18:29 - 2015-03-22 18:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\Program Files\Trend Micro
2015-03-20 22:57 - 2015-03-20 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2015-03-20 22:57 - 2015-03-20 22:57 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2015-03-20 22:56 - 2015-03-20 22:56 - 02925920 _____ (Emsisoft GmbH ) C:\Users\Friedrich\Desktop\EmsisoftHiJackFreeSetup.exe
2015-03-20 22:47 - 2015-03-20 22:51 - 140425968 _____ (Microsoft Corporation) C:\Users\Friedrich\Desktop\Microsoft Security Scanner.exe
2015-03-20 19:07 - 2015-03-20 19:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-19 01:28 - 2015-03-19 02:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\ThinkpadpunkteVideo
2015-03-19 00:53 - 2015-03-22 19:01 - 00429152 _____ () C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 00:52 - 2015-03-22 19:12 - 04703120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 00:18 - 2015-03-19 00:20 - 00084562 _____ () C:\Users\Friedrich\Desktop\usbdeview.zip
2015-03-19 00:18 - 2015-03-19 00:20 - 00046516 _____ () C:\Users\Friedrich\Desktop\driverview.zip
2015-03-19 00:17 - 2015-03-19 00:20 - 00068998 _____ () C:\Users\Friedrich\Desktop\bluescreenview.zip
2015-03-18 21:39 - 2015-03-18 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNavigia
2015-03-18 21:39 - 2010-04-07 02:29 - 00081920 _____ () C:\Windows\system32\GkSui20.EXE
2015-03-18 21:26 - 2015-03-18 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-18 21:26 - 2015-03-16 18:44 - 00749664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-18 21:25 - 2015-03-18 21:25 - 00000000 ____D () C:\Program Files\Oracle
2015-03-18 21:25 - 2015-03-16 18:42 - 00104384 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-18 21:17 - 2015-03-18 21:17 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-03-18 21:16 - 2014-12-03 13:51 - 00927960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-03-18 21:16 - 2014-12-03 11:41 - 03365208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-03-18 21:16 - 2014-12-03 10:15 - 01485163 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-03-18 21:16 - 2014-12-02 11:42 - 02381680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-03-18 21:16 - 2014-11-27 08:31 - 02510192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-03-18 21:16 - 2014-08-06 06:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-03-18 21:16 - 2014-04-10 05:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-03-18 21:16 - 2014-03-06 09:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-03-18 21:16 - 2014-02-18 10:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-03-18 21:16 - 2014-01-08 08:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-03-18 21:16 - 2013-01-11 09:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-03-18 21:16 - 2011-11-22 09:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-03-18 21:16 - 2010-09-27 02:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-18 21:16 - 2009-12-04 08:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-03-18 21:16 - 2009-11-18 11:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-03-18 21:16 - 2009-11-18 00:12 - 00024664 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt32.sys
2015-03-18 21:15 - 2014-06-06 17:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-03-18 21:15 - 2013-10-11 05:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-18 21:15 - 2012-03-08 04:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-03-18 20:49 - 2015-01-25 11:20 - 00000000 ____D () C:\Users\Friedrich\Desktop\Baphomets Fluch 1-5 Deutsch
2015-03-17 14:44 - 2015-03-18 17:10 - 329252864 _____ () C:\Users\Friedrich\Desktop\openSUSE-13.2-DVD-i586.iso
2015-03-17 14:37 - 2015-03-17 14:41 - 79691776 _____ () C:\Users\Friedrich\Desktop\CorePlus-current.iso
2015-03-16 18:42 - 2015-03-16 18:42 - 00115672 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-03-12 15:27 - 2015-03-25 06:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Everything
2015-03-12 15:27 - 2015-03-12 15:27 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2015-03-11 20:41 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-11 20:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-11 20:41 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-11 20:02 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:02 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:02 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:02 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:02 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:02 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:02 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:02 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:02 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:02 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:02 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:02 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:02 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:02 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:02 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:02 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:02 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:02 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:02 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:02 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:02 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:02 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:02 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:02 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:02 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:02 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:02 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:02 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:02 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:02 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:02 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:02 - 2015-01-29 04:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 20:02 - 2015-01-29 04:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:02 - 2015-01-29 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:01 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:01 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:01 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:01 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-11 17:12 - 2015-03-11 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PY Software
2015-03-11 17:12 - 2007-08-13 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\wmvdmoe.dll
2015-03-11 16:57 - 2015-03-11 17:03 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\WebcamZoneTrigger
2015-03-11 16:12 - 2015-03-11 16:12 - 00000000 ____D () C:\Users\Public\Documents\Xeoma
2015-03-11 12:19 - 2015-03-11 12:19 - 00000000 ____D () C:\Windows\system32\DCS
2015-03-11 01:10 - 2015-03-11 01:10 - 00003584 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-08 10:55 - 2015-03-08 10:55 - 06208736 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-08 10:55 - 2015-03-08 10:55 - 06057862 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2015-03-08 03:47 - 2015-03-08 03:47 - 00000216 _____ () C:\Users\Friedrich\Desktop\rFactor Demo.url
2015-03-08 02:07 - 2015-03-08 02:07 - 00000623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Batman 3 - Beyond Gotham.lnk
2015-03-08 02:02 - 2015-03-08 02:02 - 00000000 ____D () C:\Program Files\LEGO Batman 3 - Beyond Gotham
2015-03-06 05:12 - 2015-03-06 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apple Computer
2015-03-06 05:10 - 2015-03-06 05:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-06 05:10 - 2015-03-06 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-06 05:08 - 2015-03-21 19:35 - 00000000 ____D () C:\Users\Friedrich\Desktop\LightWorks DE Tutorials
2015-03-06 04:28 - 2015-03-06 04:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-05 21:53 - 2015-03-05 21:53 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Stardock
2015-03-05 20:41 - 2015-03-13 19:42 - 00000000 ____D () C:\Users\Friedrich\Desktop\Chromanova.fm  - crazy freak dance 24-7-
2015-03-05 07:50 - 2015-03-05 07:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\com.ohnoo.TormentumDemo
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\Documents\SpriteLamp
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\SpriteLampWinforms
2015-03-05 06:58 - 2015-03-05 07:03 - 00000000 ____D () C:\Program Files\TClock
2015-03-05 06:04 - 2015-03-05 06:04 - 00000000 ____D () C:\Windows Anmeldesounds +Icons AlleSys Bildschirmschoner
2015-03-05 05:49 - 2015-03-05 05:49 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 __HDC () C:\ProgramData\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Program Files\Stardock
2015-03-05 05:28 - 2015-03-05 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPU
2015-03-05 05:28 - 2015-03-05 05:28 - 00000000 ____D () C:\Program Files\MPU
2015-03-05 05:20 - 2015-03-05 05:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Lern-o-Mat
2015-03-05 05:14 - 2015-03-05 05:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-lab PRO 2.0
2015-03-05 05:14 - 2015-03-05 05:14 - 00000000 ____D () C:\Program Files\DVDlabPro2
2015-03-05 05:13 - 2015-03-05 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doc Scrubber
2015-03-05 05:13 - 2015-03-05 05:13 - 00000000 ____D () C:\Program Files\Doc Scrubber
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\jStrip
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jStrip
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Program Files\jStrip
2015-03-05 05:12 - 1999-10-30 02:00 - 00167936 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpftv6.ocx
2015-03-04 06:03 - 2015-03-12 12:34 - 00000000 ____D () C:\Users\Friedrich\.mediathek3
2015-03-04 06:03 - 2015-03-04 06:03 - 00000000 ____D () C:\Program Files\Mediathekview
2015-03-03 19:32 - 2015-03-03 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-03 19:32 - 2015-03-03 19:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2015-03-03 18:52 - 2015-03-03 18:54 - 63361024 _____ () C:\Users\Friedrich\Desktop\EpicGamesLauncherInstaller-2.0.0-2465596.msi
2015-03-03 18:13 - 2015-03-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-03-02 07:05 - 2015-03-02 07:05 - 00000000 ____D () C:\Users\Friedrich\Documents\Bandicam
2015-03-02 07:04 - 2015-03-23 16:41 - 00000000 ____D () C:\Program Files\Bandicam
2015-03-02 07:04 - 2015-03-02 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-03-02 07:04 - 2015-03-02 07:04 - 00000000 ____D () C:\Program Files\BandiMPEG1
2015-03-01 23:52 - 2015-03-01 23:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\Silent Hill Downpour (Xbox 360 Gamerip)
2015-02-28 18:06 - 2015-02-05 18:51 - 00621384 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-02-28 18:05 - 2015-02-05 21:48 - 24768144 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 20465808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 16016848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10773520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10713256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 08473928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 03247248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 01047880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00931136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00912528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00909120 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00877816 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00399504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00345928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00305136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00164568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00161424 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 00027280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-02-27 16:04 - 2015-02-27 19:00 - 00000000 ____D () C:\Program Files\EMET 5.1
2015-02-27 16:04 - 2015-02-27 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2015-02-27 03:00 - 2015-02-27 03:00 - 00000216 _____ () C:\Users\Friedrich\Desktop\Tormentum - Dark Sorrow Demo.url
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Program Files\Cain
2015-02-24 19:24 - 2015-03-20 23:09 - 00000000 ____D () C:\Users\Friedrich\Documents\Survarium

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 07:57 - 2013-01-30 06:57 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NetSpeedMonitor
2015-03-25 07:57 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sicherheitsprogramme
2015-03-25 07:46 - 2010-11-20 22:01 - 01639348 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 07:46 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 07:46 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 07:42 - 2013-01-29 18:50 - 01286151 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 07:39 - 2013-02-17 07:38 - 00000000 ____D () C:\ProgramData\VMware
2015-03-25 07:38 - 2014-07-03 02:07 - 00067682 _____ () C:\Windows\setupact.log
2015-03-25 07:38 - 2014-01-11 03:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-25 07:38 - 2013-01-30 08:01 - 01846372 _____ () C:\Windows\system32\oodbs.lor
2015-03-25 07:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 07:37 - 2014-07-05 01:31 - 00000000 ____D () C:\AdwCleaner
2015-03-25 06:56 - 2014-11-15 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 06:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-25 04:44 - 2013-01-30 05:14 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-03-23 20:27 - 2013-03-02 16:35 - 00000000 ____D () C:\Program Files\Pluto Client
2015-03-23 20:15 - 2014-07-05 01:41 - 00607496 _____ () C:\Windows\PFRO.log
2015-03-23 20:12 - 2014-01-11 01:33 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apps\2.0
2015-03-23 20:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-23 20:08 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 16:50 - 2013-02-11 06:02 - 00000000 ____D () C:\Users\Friedrich\Desktop\Magic.Games.II
2015-03-23 16:41 - 2013-01-30 06:17 - 00000000 ____D () C:\Program Files\mIRC
2015-03-23 16:39 - 2013-02-18 03:52 - 00000000 ____D () C:\Program Files\Dead Space 3 Limited Edition uncut
2015-03-23 16:39 - 2013-02-09 08:44 - 00000000 ____D () C:\Program Files\Magic The Gathering - Duels of the Planeswalkers
2015-03-23 16:39 - 2013-02-04 05:20 - 00000000 ____D () C:\Program Files\Serials World
2015-03-23 16:38 - 2014-01-29 18:03 - 00000000 ____D () C:\Program Files\DLH98
2015-03-23 16:37 - 2013-01-31 03:54 - 00000000 ____D () C:\Program Files\DiRT 3
2015-03-23 16:34 - 2014-07-06 04:05 - 00000000 ____D () C:\Program Files\Assetto Corsa
2015-03-23 16:34 - 2013-02-11 03:53 - 00000000 ____D () C:\Program Files\Ricochet Infinity
2015-03-23 16:33 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\HD Video Repair Utility
2015-03-23 16:33 - 2013-03-02 16:32 - 00000000 ____D () C:\Program Files\Portrait Professional Studio 9
2015-03-23 08:21 - 2013-01-30 01:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\KeePass
2015-03-23 08:21 - 2013-01-30 01:20 - 00042334 _____ () C:\Users\Friedrich\NeueDatenbank.kdbx
2015-03-23 08:21 - 2013-01-29 18:50 - 00000000 ____D () C:\Users\Friedrich
2015-03-23 07:02 - 2013-02-05 00:25 - 00000000 ____D () C:\Program Files\stinger
2015-03-23 06:21 - 2013-06-04 01:27 - 00000000 ____D () C:\Stinger_Quarantine
2015-03-23 06:15 - 2014-03-23 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 06:00 - 2014-03-23 15:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 05:25 - 2013-01-30 04:08 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\vlc
2015-03-23 04:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-23 03:38 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 02:47 - 2014-11-16 21:36 - 00000000 ____D () C:\Program Files\Spezial 5.0
2015-03-22 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-22 22:10 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Weitere Programme
2015-03-22 21:36 - 2013-01-30 06:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NoNameScript
2015-03-22 20:24 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\GalaxyClient
2015-03-22 19:59 - 2013-01-30 06:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\mIRC
2015-03-22 19:03 - 2013-11-22 18:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\AIMP3
2015-03-22 19:03 - 2013-01-30 03:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-22 18:56 - 2014-05-14 17:55 - 00000000 ____D () C:\Users\Friedrich\Desktop\Rap Mai 2014
2015-03-22 18:44 - 2013-02-06 04:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 18:23 - 2014-02-07 14:18 - 00000600 _____ () C:\Users\Friedrich\AppData\Roaming\winscp.rnd
2015-03-22 18:10 - 2014-08-20 05:17 - 00000000 ____D () C:\Windows\Minidump
2015-03-21 06:12 - 2013-01-30 05:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-20 22:23 - 2013-02-06 02:07 - 00000000 ____D () C:\Temp
2015-03-20 21:39 - 2013-01-30 06:49 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-03-20 19:34 - 2014-05-04 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-03-20 19:34 - 2014-05-04 18:34 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-03-20 18:06 - 2013-02-01 15:18 - 00000000 ____D () C:\Program Files\Vuze
2015-03-19 07:56 - 2013-01-29 23:12 - 00000000 ____D () C:\Windows\pss
2015-03-19 06:48 - 2013-03-25 17:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\NPE
2015-03-19 03:53 - 2013-01-30 08:07 - 00000000 ____D () C:\Program Files\Steam
2015-03-19 02:39 - 2013-03-04 20:10 - 00000000 ____D () C:\Program Files\KaloMa
2015-03-19 00:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-19 00:26 - 2014-06-16 02:02 - 00064681 ____H () C:\Windows\system32\BTImages.dat
2015-03-19 00:25 - 2013-01-25 15:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-19 00:21 - 2013-02-04 05:24 - 00000000 ____D () C:\Program Files\USB Deview
2015-03-19 00:20 - 2014-09-14 21:01 - 00000000 ____D () C:\Program Files\Bluescreen View
2015-03-19 00:20 - 2014-02-14 02:24 - 00000000 ____D () C:\Program Files\DriverView v1.45
2015-03-18 22:11 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FileZilla
2015-03-18 21:27 - 2014-02-24 06:30 - 00000000 ____D () C:\Users\Friedrich\.VirtualBox
2015-03-18 21:17 - 2013-01-25 15:37 - 00000000 ___HD () C:\Program Files\Temp
2015-03-18 21:04 - 2013-02-01 15:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Azureus
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\VMware
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VMware
2015-03-16 21:48 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Mädels u. Chatter
2015-03-16 14:56 - 2015-02-09 11:04 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.Tribler
2015-03-15 13:50 - 2013-01-31 03:07 - 00000000 ____D () C:\Program Files\Trillian
2015-03-14 17:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-12 16:44 - 2014-08-17 15:52 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Adobe
2015-03-12 16:44 - 2013-01-29 22:44 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-12 16:44 - 2013-01-29 22:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-12 15:27 - 2013-02-01 15:44 - 00000000 ____D () C:\Program Files\Search Everything
2015-03-12 15:24 - 2013-03-19 12:11 - 00000000 ____D () C:\Windows\system32\MAGIX
2015-03-12 15:19 - 2013-01-30 02:18 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spiele
2015-03-12 01:23 - 2013-02-01 16:32 - 00000000 ____D () C:\ProgramData\Origin
2015-03-11 20:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-11 20:32 - 2014-02-19 19:09 - 00000000 ___RD () C:\Users\Friedrich\Virtual Machines
2015-03-11 20:17 - 2013-08-03 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:19 - 2013-01-29 22:28 - 00007655 _____ () C:\Users\Friedrich\AppData\Local\Resmon.ResmonCfg
2015-03-11 13:36 - 2014-07-24 00:39 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.minecraft
2015-03-11 13:26 - 2013-02-07 04:13 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Razer
2015-03-11 13:26 - 2013-02-07 04:12 - 00000000 ____D () C:\ProgramData\Razer
2015-03-11 13:26 - 2013-01-30 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-03-11 13:26 - 2013-01-30 05:03 - 00000000 ____D () C:\Program Files\Razer
2015-03-11 12:11 - 2013-08-21 03:42 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\midori
2015-03-11 02:35 - 2013-02-06 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-10 04:18 - 2014-06-24 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2015-03-10 04:18 - 2014-06-24 16:21 - 00000000 ____D () C:\Program Files\SRWare Iron
2015-03-09 09:57 - 2013-04-11 01:04 - 00000000 ____D () C:\Program Files\SpeedFan
2015-03-09 08:08 - 2014-08-23 16:30 - 00000000 ____D () C:\Users\Friedrich\Desktop\New Handy Root und ähnliches Tutorials
2015-03-08 10:56 - 2013-07-16 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-08 10:56 - 2013-07-16 15:55 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-08 04:48 - 2014-01-22 17:33 - 00000000 ____D () C:\Users\Friedrich\.dbus-keyrings
2015-03-08 04:25 - 2014-07-15 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-08 04:25 - 2014-07-15 21:51 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-03-08 03:47 - 2014-04-09 00:13 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-08 02:35 - 2013-11-19 10:19 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-03-06 05:11 - 2013-02-14 06:50 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-06 04:28 - 2013-09-19 21:42 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-06 04:25 - 2014-01-15 06:51 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-06 04:25 - 2013-03-05 05:07 - 00000000 ____D () C:\Program Files\Java
2015-03-05 08:01 - 2013-08-13 00:14 - 00000000 ____D () C:\Users\Friedrich\Documents\3DMark
2015-03-05 07:58 - 2014-06-16 05:52 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-03-05 07:04 - 2013-01-29 23:29 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 07:04 - 2013-01-29 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 05:28 - 2013-02-05 07:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-03-05 05:11 - 2013-02-07 01:16 - 00000000 ____D () C:\Westwood
2015-03-05 05:10 - 2013-02-07 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-05 03:01 - 2014-04-11 03:10 - 00000000 ____D () C:\Program Files\prime95 v279
2015-03-05 02:40 - 2015-02-11 15:43 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spionaufnahmen mit LifeCam
2015-03-05 02:18 - 2015-02-12 12:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\GetRight
2015-03-04 05:16 - 2014-03-11 20:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\MPC-HC
2015-03-04 01:56 - 2013-02-01 16:32 - 00000000 ____D () C:\Program Files\Origin
2015-03-04 00:57 - 2013-07-24 22:30 - 00000000 ____D () C:\HammerAutosave
2015-03-03 18:13 - 2013-11-22 18:50 - 00000000 ____D () C:\Program Files\AIMP3
2015-03-02 18:21 - 2013-01-30 02:15 - 00000000 ____D () C:\Users\Friedrich\Desktop\Ernährung u Sportinfos zusatz zur MAPPE
2015-03-02 02:15 - 2013-02-26 18:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Audacity
2015-03-02 02:11 - 2013-02-26 18:36 - 00001000 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-02 02:11 - 2013-02-26 18:36 - 00000000 ____D () C:\Program Files\Audacity
2015-03-01 23:47 - 2015-02-12 12:21 - 00000000 ____D () C:\ProgramData\GetRight
2015-02-28 19:33 - 2013-02-03 00:02 - 02712576 _____ () C:\Users\Friedrich\AppData\Local\file__0.localstorage
2015-02-28 18:06 - 2013-01-25 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-28 17:10 - 2013-05-10 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2015-02-28 17:10 - 2013-05-10 04:41 - 00000000 ____D () C:\Program Files\IsoBuster
2015-02-27 17:38 - 2013-01-30 01:44 - 00000000 ____D () C:\Users\Friedrich\Desktop\Canon Shots
2015-02-27 16:52 - 2013-02-01 16:51 - 00000000 ____D () C:\Program Files\Futuremark
2015-02-27 16:03 - 2013-01-30 02:17 - 00000000 ____D () C:\Users\Friedrich\Desktop\POP-RADIO FAKE ACCOUNTS
2015-02-27 03:26 - 2013-02-26 18:48 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-02-27 03:20 - 2013-02-26 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-02-27 03:20 - 2013-02-26 18:48 - 00000000 ____D () C:\Program Files\Lightworks
2015-02-26 21:20 - 2011-04-28 16:10 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-26 18:36 - 2013-09-04 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-02-25 03:10 - 2014-06-28 07:22 - 00000000 ____D () C:\Users\Friedrich\Documents\EthanMeteorHunterDemo
2015-02-25 01:15 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Martin Krüger
2015-02-25 01:14 - 2013-05-24 01:11 - 00000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-24 16:48 - 2013-01-29 23:37 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-10-28 21:15 - 2013-07-08 17:34 - 2699264 _____ (wPrime) C:\Program Files\wPrime.exe
2014-04-26 21:08 - 2014-04-26 21:08 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-05-24 01:11 - 2015-02-25 01:14 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-06 07:11 - 2014-10-31 04:40 - 0000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-02-03 18:40 - 2015-02-04 21:05 - 0000623 _____ () C:\Users\Friedrich\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-03-04 20:09 - 2014-02-28 15:35 - 0000540 _____ () C:\Users\Friedrich\AppData\Roaming\AutoGK.ini
2013-05-22 21:43 - 2013-08-25 04:47 - 0000000 _____ () C:\Users\Friedrich\AppData\Roaming\bfe_cddrives
2015-02-04 01:26 - 2015-02-04 01:26 - 0001002 _____ () C:\Users\Friedrich\AppData\Roaming\Currency Meter_Settings.ini
2015-02-04 01:27 - 2015-02-04 01:28 - 0000841 _____ () C:\Users\Friedrich\AppData\Roaming\Drives Meter_Settings.ini
2015-02-03 19:19 - 2015-02-03 19:21 - 0000310 _____ () C:\Users\Friedrich\AppData\Roaming\Earthquakes Meter_Settings.ini
2014-04-20 21:35 - 2015-02-03 17:31 - 0000284 _____ () C:\Users\Friedrich\AppData\Roaming\GPU MeterV2_Settings.ini
2013-06-01 08:16 - 2013-09-22 08:28 - 0001870 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile0.dat
2013-06-01 08:16 - 2013-09-22 08:28 - 0001872 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile1.dat
2013-06-01 08:16 - 2013-09-22 08:28 - 0001876 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile2.dat
2013-09-22 08:27 - 2013-09-22 08:28 - 0001832 _____ () C:\Users\Friedrich\AppData\Roaming\ImperatorProfile3.dat
2015-02-04 01:30 - 2015-02-04 01:30 - 0001209 _____ () C:\Users\Friedrich\AppData\Roaming\Network Meter_Settings.ini
2015-02-04 01:30 - 2015-02-04 01:30 - 0000008 _____ () C:\Users\Friedrich\AppData\Roaming\Network Meter_Usage.ini
2013-02-18 05:16 - 2014-07-16 01:03 - 0138904 _____ () C:\Users\Friedrich\AppData\Roaming\PnkBstrK.sys
2014-04-18 16:25 - 2014-07-02 10:13 - 14315520 _____ () C:\Users\Friedrich\AppData\Roaming\Sandra.mdb
2014-02-07 14:18 - 2015-03-22 18:23 - 0000600 _____ () C:\Users\Friedrich\AppData\Roaming\winscp.rnd
2013-11-15 04:48 - 2013-11-15 05:13 - 0001456 _____ () C:\Users\Friedrich\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-10-29 18:14 - 2013-10-29 18:14 - 0242095 _____ () C:\Users\Friedrich\AppData\Local\ars.cache
2013-10-29 18:14 - 2013-10-29 18:14 - 0377163 _____ () C:\Users\Friedrich\AppData\Local\census.cache
2015-03-11 01:10 - 2015-03-11 01:10 - 0003584 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-03 00:02 - 2015-02-28 19:33 - 2712576 _____ () C:\Users\Friedrich\AppData\Local\file__0.localstorage
2013-10-29 17:44 - 2013-10-29 17:44 - 0000036 _____ () C:\Users\Friedrich\AppData\Local\housecall.guid.cache
2014-02-09 23:50 - 2014-06-27 05:58 - 0000600 _____ () C:\Users\Friedrich\AppData\Local\PUTTY.RND
2015-02-02 18:15 - 2015-02-02 18:15 - 0000733 _____ () C:\Users\Friedrich\AppData\Local\recently-used.xbel
2013-01-29 22:28 - 2015-03-11 15:19 - 0007655 _____ () C:\Users\Friedrich\AppData\Local\Resmon.ResmonCfg
2013-03-19 12:49 - 2013-03-19 12:52 - 0000041 ___SH () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\Friedrich\Bsb.exe
C:\Users\Friedrich\cc_20140124_180349.reg
C:\Users\Friedrich\cc_20140315_160443.reg
C:\Users\Friedrich\cc_20140718_151624.reg
C:\Users\Friedrich\cc_20140905_190648.reg
C:\Users\Friedrich\cc_20141008_060204.reg
C:\Users\Friedrich\IP_Log_Data.js
C:\Users\Friedrich\regsicherung.reg
C:\Users\Friedrich\Sicherung reg von CCleaner 2.reg


Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-20 19:59

==================== End Of Log ============================
         
__________________
Where do you want to go today?

25.03.2015, 09:29   #9
Friedrich_

re5



FRST Addition-LOG
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Friedrich at 2015-03-25 07:57:50
Running from C:\Users\Friedrich\Desktop\Sicherheitsprogramme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: ZoneAlarm Extreme Security Anti-Spyware (Disabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«City Car Driving»  Releases 1.3.2 (HKLM\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: 1.3.2 - Forward Development)
007 Legends 1.0.2 (HKLM\...\007 Legends 1.0.2) (Version: 1.0.2 - Activision Publishing)
3DMark (HKLM\...\{1f6ed41c-36d8-4cb3-82f4-cf7b25f60143}) (Version: 1.4.775.0 - Futuremark)
3DMark (Version: 1.4.775.0 - Futuremark) Hidden
3DMark 11 (HKLM\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark03 (HKLM\...\{FF35F637-72B9-43BE-A281-06EB2854393A}) (Version: 3.6.0 - )
ACE COMBAT ASSAULT HORIZON Enhanced Edition (HKLM\...\ACE COMBAT ASSAULT HORIZON Enhanced Edition_is1) (Version:  - )
Active@ DVD Eraser v 1.1 (HKLM\...\Active@ DVD Eraser v 1.1) (Version:  - )
Activision(R) (Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adrenaline Sniper Elite V2 Benchmark Tool 1.0 (Build 1.0.0.1) (HKLM\...\Adrenaline Sniper Elite V2 Benchmark Tool_is1) (Version:  - )
Aerosoft's - Kastellorizo X - FSX (HKLM\...\Kastellorizo X - FSX) (Version: 1.00 - )
Aerosoft's - Seychelles X - FSX (HKLM\...\Seychelles X - FSX) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 2 (HKLM\...\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 3 (HKLM\...\{61C6337D-EDF5-43F0-9E50-541A389070BD}) (Version: 1.00 - Aerosoft)
Aerosoft's - VFR Germany 4 (HKLM\...\{F7016342-C196-44B1-AAC5-D7BA4708473E}) (Version: 1.00 - Aerosoft)
Afterfall InSanity (HKLM\...\{CE9CAAA6-0431-433B-9FB5-23EE01669AF2}) (Version: 1.00.0000 - Nicolas Games S.A.)
Age of Empires II - the Conquerors WideScreen Patcher (HKLM\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - )
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires Online (HKLM\...\Steam App 105430) (Version:  - Microsoft)
Age of Mythology: Extended Edition (HKLM\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
AIDA64 Engineer v5.00 (HKLM\...\AIDA64 Engineer_is1) (Version: 5.00 - FinalWire Ltd.)
AIMP3 (HKLM\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Airbus Series Vol.2 (FS X)) (Version:  - )
Alan Wake (HKLM\...\Alan Wake_is1) (Version:  - )
Aliens Colonial Marines Limited Edition DLC Pack Plus Steam Vorbesteller-Bonus 1.0 (HKLM\...\Aliens Colonial Marines Limited Edition DLC Pack Plus Steam Vorbesteller-Bonus 1.0) (Version: 1.0 - .x.X.RIDDICK.X.x.)
Aliens vs Predator Classic 2000 (HKLM\...\1207665883_is1) (Version: 2.0.0.21 - GOG.com)
Aliens vs Predator D3D11 Benchmark V1.03 (HKLM\...\{CC72E6E8-CFFF-43B4-A9BE-C227C088EE95}) (Version: 1.03.0000 - Rebellion)
Aliens: Colonial Marines (HKLM\...\Aliens: Colonial Marines_is1) (Version:  - )
allSnap version 1.33.2 (HKLM\...\allSnap_is1) (Version: 1.33 - Ivan Heckman)
Alone In The Dark (HKLM\...\Alone In The Dark_is1) (Version:  - Atari)
America's Army 3 (HKLM\...\Steam App 13140) (Version:  - U.S. Army)
Amiga Forever (HKLM\...\{DCB8DF8D-6F0E-405B-B870-89709242F5C0}) (Version: 2012.2.0 - Cloanto)
Amnesia: The Dark Descent Demo  (HKLM\...\Steam App 57310) (Version:  - Frictional Games)
Anark Client 1.0 (HKLM\...\AnarkClient) (Version:  - )
AniMake (HKLM\...\AniMake) (Version:  - )
ANNO 1503 GOLD (HKLM\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
ANNO 1602 Königs-Edition (HKLM\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Anomos 0.9.5 (HKLM\...\Anomos) (Version: 0.9.5 - Anomos Liberty Enhancements)
ArCADia-GRAF 1.5 DE (HKLM\...\{887C98A0-1E31-4C8C-8B72-DA10A860AF71}) (Version: 1.5.6.16 - ArCADiasoft Chudzik sp. j.)
ArCon Professional +2011 (HKLM\...\{7C3C04ED-B746-4273-A0C8-997A8823CB36}) (Version: 15.0.0.0 - Eleco)
ArCon Professional +2011 (Version: 15.0.0.0 - Eleco) Hidden
Arma 3 Complete (HKLM\...\QXJtYTM=_is1) (Version: 1 - )
Assassin's Creed (R) III (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Baldur's Gate II (HKLM\...\Baldur's Gate II_is1) (Version:  - GOG.com)
Bandicam (HKLM\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
Baphomets Fluch - Der schlafende Drache (HKLM\...\Baphomets Fluch - Der schlafende Drache) (Version:  - )
Batman: Arkham City Digital Deluxe Edition (HKLM\...\{E8AC6BBD-9A99-404C-9638-F633312CD441}_is1) (Version: 1.0 - RAF)
Battle Realms Complete (HKLM\...\Battle Realms Complete_is1) (Version:  - GOG.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bejeweled® 3 (HKLM\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Beneath a Steel Sky (HKLM\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
Bewerbungs-Experte 2011 (HKLM\...\Bewerbungs-Experte_is1) (Version: 3.0.0.0 - haude electronica verlag)
Binary Domain (HKLM\...\Binary Domain_is1) (Version:  - )
BioShock 2 (HKLM\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock Infinite (HKLM\...\BioShock Infinite_is1) (Version:  - )
Blade Runner (HKLM\...\Blade Runner) (Version: 1.05 -  Westwood Studios 1997)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Brutal Legend version 1 (HKLM\...\QnJ1dGFsIExlZ2VuZA==_is1) (Version: 1 - )
Bulletstorm (HKLM\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
Bulletstorm (Version: 1.0.0000.130 - EA) Hidden
Burnout(TM) Paradise The Ultimate Box (HKLM\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
C&C Der Tiberiumkonflikt (HKLM\...\C&C Der Tiberiumkonflikt_is1) (Version:  - )
Cain & Abel 4.9.56 (HKLM\...\Cain & Abel 4.9.56) (Version:  - )
calibre (HKLM\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
Call of Duty Black Ops GERMAN Uncut 1.00 (HKLM\...\Call of Duty Black Ops GERMAN Uncut 1.00) (Version:  - )
Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - )
Call of Duty: Black Ops II v1.0 (HKLM\...\{26B8A445-02C6-4F87-AD2A-024BBFC99A06}_is1) (Version: 1.0 - RAF)
Cannon Fodder (HKLM\...\GOGPACKCANNONFODDER_is1) (Version: 2.0.0.3 - GOG.com)
Capitalism 2 (HKLM\...\GOGPACKCAPITALISM2_is1) (Version: 2.0.0.5 - GOG.com)
Castle of Illusion (HKLM\...\Q2FzdGxlb2ZJbGx1c2lvbg==_is1) (Version: 1 - )
Castlevania Lords of Shadow (HKLM\...\{F14EDCE5-B45D-4D77-A5B8-C7513E5C7BDA}) (Version: 6.0 - Black Box)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.72.1.2014 - Georgy Berdyshev)
Chaos auf Deponia Demo (HKLM\...\Deponia 2 Demo) (Version: 1.0 - Daedalic Entertainment)
Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Cheatbook Database 2014 (HKLM\...\Cheatbook Database 2014) (Version:  - )
ClamWin Free Antivirus 0.98.4.1 (HKLM\...\ClamWin Free Antivirus_is1) (Version:  - alch)
ClassicPro© v2.01 (HKLM\...\ClassicPro) (Version: 2.01 - Skin Consortium)
ClearProg 1.6.1 Beta 8 (HKLM\...\ClearProg) (Version: 1.6.1 Beta 8 - Sven Hoffman)
CLICKBIOSII (HKLM\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
Colin McRae Rally Remastered (HKLM\...\Colin McRae Rally Remastered_is1) (Version:  - )
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer Alarmstufe Rot 2 (HKLM\...\Red Alert 2) (Version:  - )
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM\...\Tiberian Sun) (Version:  - )
Command & Conquer™ 3: Kanes Rache (HKLM\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer™ 4 Tiberian Twilight (HKLM\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Alarmstufe Rot 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand (HKLM\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Command && Conquer Alarmstufe Rot 2 - Yuris Rache (HKLM\...\Yuri's Revenge) (Version:  - )
Command and Conquer(TM) Generäle Die Stunde Null  (HKLM\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer(TM) Generäle Die Stunde Null  (Version: 1.00.0000 - Electronic Arts) Hidden
Commando (HKLM\...\ComandoDeinstKey) (Version:  - )
Commandos 2: Men of Courage (HKLM\...\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}) (Version:  - )
Commandos 3 - Destination Berlin (HKLM\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version:  - )
ConvertAll (HKLM\...\ConvertAll) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (Version: 15.3 - Corel Corporation) Hidden
Counter-Strike Nexon: Zombies (HKLM\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive - SDK (HKLM\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis® 2 (HKLM\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 (HKLM\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CrystalDiskMark 3.0.3a (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3a - Crystal Dew World)
CyberLink PowerDVD 11 (HKLM\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
Dark Souls Prepare to Die Edition (HKLM\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Darksiders 1.1(CREATED BY XEONKING©) (HKLM\...\Darksiders_is1) (Version: 1.1 - )
Das Haus am See - Kinder der Stille Sammleredition 1.0.0.0 (HKLM\...\Das Haus am See - Kinder der Stille Sammleredition 1.0.0.0) (Version: 1.0.0.0 - Shadow - Time to play)
Das Telefonbuch Deutschland (HKLM\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
Datennetzwerktechnik (HKLM\...\Datennetzwerktechnik) (Version:  - )
Dead Island Riptide (c) Deep Silver version 1 (HKLM\...\RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1) (Version: 1 - )
Dead Space (HKLM\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 2 (HKLM\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Delta Force (HKLM\...\Delta Force) (Version:  - )
Delta Force 2 (HKLM\...\Delta Force 2) (Version:  - )
Descent and Descent 2 (HKLM\...\Descent and Descent 2_is1) (Version:  - GOG.com)
DesignSpark Mechanical 2.0 (HKLM\...\{ADF11148-6555-FFFF-A320-274AF0C42282}) (Version: 10.0.0 - SpaceClaim Corporation)
Deus EX Human Revolution Version v1.1 (HKLM\...\{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1) (Version: v1.1 - ZKY)
D-Fend Reloaded 1.3.6 (deinstallieren) (HKLM\...\D-Fend Reloaded) (Version: 1.3.6 - Alexander Herzog)
Dia (nur entfernen) (HKLM\...\Dia) (Version:  - )
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version:  - )
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.9.22 - Electronic Arts)
D-Info mit Rückwärtssuche Frühjahr 2012 (HKLM\...\{36F8E574-A5D0-425C-AF52-FFA2D4616ED6}) (Version: 1.00.0000 - telegate MEDIA AG)
DirSync  2.96 (HKLM\...\DirSync) (Version:  - Stephen Kalisch)
DiRT 3 (HKLM\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (Version: 1.0.0000.130 - Codemasters) Hidden
DLH98 v1.44 (HKLM\...\DLH98) (Version:  - )
Doc Scrubber v1.1 (HKLM\...\Doc Scrubber_is1) (Version: 1.1 - Javacool Software LLC)
Dolphin x86 (HKLM\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Doom 3: BFG Edition (HKLM\...\{2EBA122F-BB93-4FCF-ACC3-59374E7CF3C9}_is1) (Version: 1.0 - RAF)
Dr_Brain_GJ_Vol2 (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Dr_Brain_GJ_Vol2) (Version:  - )
Dracula Origin (HKLM\...\Dracula Origin_is1) (Version:  - )
Duke Nukem Forever DELUXE EDITION incl. dem DLC The Doctor Who Cloned Me 1.01 (HKLM\...\Duke Nukem Forever DELUXE EDITION incl. dem DLC The Doctor Who Cloned Me 1.01) (Version:  - )
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD-lab PRO 2.0 (HKLM\...\DVD-lab PRO 2.0 deutsch_is1) (Version:  - )
Earthworm Jim 3D (HKLM\...\Earthworm Jim 3D_is1) (Version:  - GOG.com)
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
Elektronik 2 V2.0 (HKLM\...\Elektronik 2 V2.0) (Version:  - )
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
EMET 5.1 (HKLM\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsisoft GmbH)
Enclave (HKLM\...\Steam App 253980) (Version:  - Topware)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EVEREST Ultimate Edition v5.30 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.30 - Lavalys, Inc.)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Far Cry 3 (HKLM\...\{3E7F5A51-7657-43D6-A9B3-C3A21473834B}_is1) (Version: 1.01 - RAF)
FEZ (HKLM\...\FEZ_is1) (Version:  - Trapdoor)
FIFA 14 Version 1.0 u1 (HKLM\...\FIFA 14_is1) (Version: 1.0 u1 - EA Games)
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fischer Weltalmanach und Atlas 2012 (HKLM\...\InstallShield_{8B1B9DF1-DB57-4A69-8047-D64C0F46ADA7}) (Version: 1.00.0000 - USM)
Fischer Weltalmanach und Atlas 2012 (Version: 1.00.0000 - USM) Hidden
FixFoto 3.00 (HKLM\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
FreeFileSync 6.13 (HKLM\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
FUEL (HKLM\...\{F51FF206-2273-4B3E-A90A-4752AE288C12}) (Version: 1.00.0000 - Codemasters)
Futuremark SystemInfo (HKLM\...\{A7E0E8D0-2E06-428A-8A8A-83BFF0B4DFE6}) (Version: 4.34.498.0 - Futuremark)
Gabelstapler 2014 1.0.2 (HKLM\...\{9B9000F2-DD0C-40AA-9ED6-6776B83894E1}_is1) (Version:  - UIG Entertainment)
Gabriel Knight - Sins of the Fathers Demo (HKLM\...\Steam App 318170) (Version:  - Phoenix Online Studios)
GALCOM Echo Squad SE Demo Docs (HKLM\...\GALCOM Echo Squad SE Demo Docs) (Version:  - 3000AD, Inc.)
Game Compatibility Database (HKLM\...\{0e82bf4c-b906-4635-a97e-6a9740686b33}.sdb) (Version:  - )
Gameforge Live 2.0.6 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Gas Guzzlers Combat Carnage (HKLM\...\Gas Guzzlers Combat Carnage_is1) (Version:  - )
gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - )
GCFScape 1.8.4 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Gears of War (HKLM\...\InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios)
Gears of War (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Geeks3D PhysX FluidMark v1.5.2 (HKLM\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - Geeks3D.com)
Geeks3D.com FurMark 1.10.1 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Gehirnjogging - Generations (HKLM\...\CD_Gehirnjogging_Generations_DE) (Version:  - )
Gehirnjogging 4 (HKLM\...\Gehirnjogging 4) (Version: 1.0 - SBT)
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version:  - )
GetRight (HKLM\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Gods Will Be Watching (HKLM\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
GoldWave v5.66 (HKLM\...\GoldWave v5.66) (Version:  - )
Goodbye Deponia Demo (HKLM\...\Steam App 262880) (Version:  - Daedalic Entertainment)
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPS-Track-Analyse.NET 6.0 (HKLM\...\GPS-Track-Analyse.NET 6.0_is1) (Version:  - )
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GRID Autosport (HKLM\...\GRID Autosport_is1) (Version: GRID Autosport - )
GSAK 8.4.0.0 (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
GTA IV Vehicle Mod Installer v1.2 (HKLM\...\GTA IV Vehicle Mod Installer v1.2_is1) (Version:  - MobileD2)
Gunpoint Demo (HKLM\...\Steam App 240570) (Version:  - )
Half-Life Singleplayer Edition (HKLM\...\{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1) (Version: 1.1.2010 - Valve)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Haunted Past - Im Reich der Geister 1.00 (HKLM\...\Haunted Past - Im Reich der Geister 1.00) (Version:  - )
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hitman Absolution (HKLM\...\Hitman Absolution_is1) (Version:  - )
Homebrew - Vehicle Sandbox Demo (HKLM\...\Steam App 327770) (Version:  - Copybugpaste)
Homefront (HKLM\...\Homefront_is1) (Version:  - )
HWiNFO32 Version 4.42 (HKLM\...\HWiNFO32_is1) (Version: 4.42 - Martin Malík - REALiX)
HyperSnap 6 (HKLM\...\HyperSnap 6) (Version: 6.70.02 - Hyperionics Technology LLC)
IconPackager (HKLM\...\IconPackager) (Version: 5.10.032 - Stardock Corporation)
IconPackager (Version: 5.10.032 - Stardock Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Incredipede (HKLM\...\GOGPACKINCREDIPEDE_is1) (Version: 2.0.0.4 - GOG.com)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
IsoBuster 3.5 (HKLM\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
IT-Sicherheit (HKLM\...\IT-Sicherheit) (Version:  - )
Jagged Alliance (HKLM\...\Jagged Alliance_is1) (Version:  - GOG.com)
Jagged Alliance 2 (HKLM\...\Jagged Alliance 2_is1) (Version:  - GOG.com)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JonDo (HKLM\...\JonDoUninstall) (Version:  - )
jStrip 3.3 (HKLM\...\jStrip_is1) (Version: 3.3 - David Crowell)
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
KaloMa 4.92 (HKLM\...\KaloMa_is1) (Version:  - Frank Böpple)
KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Kingdoms of Amalur: Reckoning (HKLM\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
K-Lite Codec Pack 11.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
K-Meleon 74.0 (x86 en-US) (HKLM\...\K-Meleon 74.0 (x86 en-US)) (Version: 74.0 - kmeleonbrowser.org)
Knights and Merchants (HKLM\...\Steam App 253900) (Version:  - Topware Interactive)
Kolor Autopano Giga 3.6 (HKLM\...\AutopanoGiga3.6) (Version: V3.6.3 - Kolor)
Lara Croft and the Guardian of Light (HKLM\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
LauschAngriff (HKLM\...\LauschAngriff) (Version:  - )
LEGO - The Hobbit (HKLM\...\TEVHT1RoZUhvYmJpdA==_is1) (Version: 1 - )
LEGO Batman 3 - Beyond Gotham (HKLM\...\TEVHT0JhdG1hbjNCZXlvbmRHb3RoYW0=_is1) (Version: 1 - )
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LEGO MARVEL Super Heroes (HKLM\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
LEGO® Batman™ (HKLM\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Pirates of the Caribbean Das Videospiel (HKLM\...\{64958DA4-79D3-43FD-AF06-720DAD044F9E}) (Version: 1.0.0.0 - Disney Interactive Studios)
Leistungselektronik (HKLM\...\Leistungselektronik) (Version:  - )
Life Goes On Demo (HKLM\...\Steam App 246380) (Version:  - )
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
LOST PLANET 2 (HKLM\...\{737369DC-08E8-4787-A78C-F86943247BDF}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
MadOnion.com/3DMark2000 (HKLM\...\MadOnion.com/3DMark2000) (Version:  - )
MadOnion.com/3DMark2001 SE (HKLM\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version:  - )
Magic Games II (HKLM\...\{AB38070F-5479-4F76-8419-80A758B7B16B}) (Version: 1.0.0 - magicn)
Magic The Gathering - Duels of the Planeswalkers (HKLM\...\Magic The Gathering - Duels of the Planeswalkers_is1) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
MahJong Suite 2011 v8.2 (HKLM\...\MahJong Suite_is1) (Version:  - TreeCardGames)
Majesty 2: The Fantasy Kingdom Sim (HKLM\...\{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1) (Version: 1.0.0.0 - Paradox Interactive)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mandelbulber (HKLM\...\35A39AB0-5E9F-4B70-98DA-4B8158C89C4B) (Version: 1.21-1 - )
Maniac Mansion Deluxe (HKLM\...\Maniac Mansion Deluxe) (Version:  - )
Medal of Honor™ Warfighter Deutsch Patch 1.00 (HKLM\...\Medal of Honor™ Warfighter Deutsch Patch 1.00) (Version:  - )
MediaCoder 0.8.30.5622 (HKLM\...\MediaCoder) (Version: 0.8.30.5622 - Mediatronic)
Memoria Demo (HKLM\...\Steam App 250940) (Version:  - Daedalic Entertainment)
Metro Last Light Update 12 (v1.0.0.14) Plus limited First Edition DLCs Plus Chronicles Pack DLC v1.0.0.14 (HKLM\...\Metro Last Light Update 12 (v1.0.0.14) Plus limited First Edition DLCs Plus Chronicles Pack DLC v1.0.0.14) (Version:  - )
Metro: Last Light (c) Deep Silver version 1 (HKLM\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{485DE620-A598-4481-ACDC-61734504DB74}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM\...\{7785F029-FBFF-4572-8E1C-596D8A28B548}) (Version: 5.1.09 - Microsoft Research)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Midori 0.5.9 (HKLM\...\Midori) (Version: 0.5.9 - Christian Dywan)
Mind Path to Thalamus (HKLM\...\Mind Path to Thalamus_is1) (Version:  - )
Minecraft1.7.9 (HKLM\...\Minecraft1.7.9) (Version:  - )
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
mirkes.de Tiny Hexer (HKLM\...\{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1) (Version: 1.8 - markus stephany)
Mirror's Edge™ (HKLM\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
Monitor Calibration Wizard 1.0 (HKLM\...\Monitor Calibration Wizard) (Version:  - )
Monkey Island™ Special Edition Collection (HKLM\...\MISEC) (Version: 1.0.0.0 - LucasArts)
MonochromiX 1.39 (HKLM\...\MonochromiX_is1) (Version:  - Joachim Koopmann Software)
Monopoly (HKLM\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version:  - )
Moo0 System Monitor 1.76 (HKLM\...\Moo0 SystemMonitor) (Version:  - )
Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - )
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPU (HKLM\...\{18F6D695-66FF-411C-9347-55D1140A7D7B}) (Version: 1.1.8 - Hergarten Media)
MSI Afterburner 4.0.0 (HKLM\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFFVideoConverter (HKLM\...\MyFFVideoConverter) (Version: 1.0.0.0 - Pergel.hu)
NASA World Wind 1.4 (HKLM\...\NASA World Wind 1.4) (Version:  - )
NASAEyes (HKLM\...\{3E9B108D-9985-4043-B0B0-29F29221C9A6}) (Version: 1.0.0.0 - JPL/NASA-Caltech)
Native Instruments Traktor DJ Studio 3 (HKLM\...\Native Instruments Traktor DJ Studio 3) (Version:  - )
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
Need For Speed™ World (HKLM\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Nemeth Designs Bell UH-1 Huey for Microsoft Flight Simulator X (HKLM\...\Nemeth Designs Bell UH-1 Huey for Microsoft Flight Simulator X) (Version:  - )
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
NetSetMan 3.7.3 (HKLM\...\NetSetMan_is1) (Version: 3.7.3 - Ilja Herlein)
NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles)
NetTools 5.0 (HKLM\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NNScript (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\NoNameScript) (Version: 4.22 - ESNation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Alien vs. Triangles demo (HKLM\...\Alien vs. Triangles) (Version: 1.0 - NVIDIA Corporation)
NVIDIA FaceWorks: Real-time Performance Capture Demo (HKLM\...\FaceWorks) (Version: 1.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Hair Demo (HKLM\...\{BF2D55FB-975E-4B59-9C10-439A975701FF}) (Version: 1.00 - )
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Screen Saver 1.2 (HKLM\...\NVIDIA Screen Saver_is1) (Version:  - )
NVIDIA Supersonic Sled demo (HKLM\...\Supersonic Sled) (Version:  - )
O&O Defrag Professional (HKLM\...\{24CD85A3-6562-4C24-8257-27826C7CF7FE}) (Version: 15.8.813 - O&O Software GmbH)
O&O SafeErase Professional (HKLM\...\{4649998A-0D48-45C2-AF5B-FBD5ECF536ED}) (Version: 5.1.636 - O&O Software GmbH)
O&O UnErase (HKLM\...\{37F6190F-8A86-4B19-86A3-5A59BEA62823}) (Version: 6.0.1899 - O&O Software GmbH)
OMSI - Der Omnibussimulator (HKLM\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.06 - aerosoft)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenVPN 2.3.4-I603  (HKLM\...\OpenVPN) (Version: 2.3.4-I603 - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{26B8608D-6C29-4171-9751-67621C834AA3}) (Version: 4.3.26 - Oracle Corporation)
Orcs Must Die 2 - Language Addon (HKLM\...\Orcs Must Die 2_is1) (Version:  - )
Orcs Must Die! Unchained (HKLM\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
PA38 Tomahawk FSX/P3D (HKLM\...\PA38 Tomahawk FSX/P3D) (Version: 1.00.00.00 - ALABEO)
PAC-MAN Championship Edition DX+ Demo (HKLM\...\Steam App 247260) (Version:  - Mine Loader Software Co., Ltd.)
Painkiller Hell and Damnation (HKLM\...\Painkiller Hell and Damnation_is1) (Version:  - )
Paragon ExtFS for Windows (HKLM\...\ParagonExtFS) (Version:  - )
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pazera Free Audio Extractor 1.4 (HKLM\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 1.4 - Pazera Jacek)
PC Tune-Up (Version: 2.2.0.1 - ZoneAlarm) Hidden
PCMark 7 (HKLM\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Pluto Client (HKLM\...\{F8584160-CC6E-11d5-954F-5254AB1A4DB7}) (Version:  - )
Portal 2 Version 1.0 u23 (HKLM\...\Portal 2_is1) (Version: 1.0 u23 - Valve)
Portrait Professional Studio 9.8 (HKLM\...\PortraitProfessionalStudio9_is1) (Version: 9.8 - Anthropics Technology Ltd.)
Pro Evolution Soccer 2014 - World Challenge (HKLM\...\Pro Evolution Soccer 2014 - World Challenge_is1) (Version:  - )
Pro Evolution Soccer 2015 Demo (HKLM\...\Steam App 321280) (Version:  - KONAMI Digital Entertainment)
Prototype 2 (HKLM\...\Prototype 2_is1) (Version:  - )
Prototype(TM) (HKLM\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
Prototype(TM) (Version: 1.0 - Activision) Hidden
Puppet Show 5 - Ungewisses Schicksal Sammleredition (HKLM\...\Puppet Show 5 - Ungewisses Schicksal Sammleredition 1.0) (Version: 1.0 - Dok)
Quake (HKLM\...\Quake_is1) (Version:  - )
Quake 4 1.4.2 (HKLM\...\Quake 4 1.4.2) (Version:  - )
Quake III Arena (HKLM\...\Quake III Arena) (Version:  - )
Quest for Infamy  (HKLM\...\Quest for Infamy) (Version:  - Infamous Quests)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rage Complete Edition MULTi-9 1.3 (HKLM\...\Rage Complete Edition MULTi-9 1.3) (Version:  - )
Railworks 3 Train Simulator 2012 Deluxe (HKLM\...\Railworks 3 Train Simulator 2012 Deluxe_is1) (Version:  - )
RamDisk Plus 11.6 (HKLM\...\{D96E4F17-2635-4CBD-9308-F99228929C41}) (Version: 11.6.795 - SuperSpeed LLC)
Rapture3D 2.4.8 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Ravensburger Puzzle 2 (HKLM\...\Ravensburger Puzzle 2) (Version: 1.0 - Ravensburger Digital)
Rayman 2 - The Great Escape (HKLM\...\GOGPACKRAYMAN2_is1) (Version: 2.0.0.38 - GOG.com)
Rayman Forever (HKLM\...\GOGPACKRAYMANFOREVER_is1) (Version: 2.0.0.15 - GOG.com)
Rayman Legends Demo (HKLM\...\Steam App 243340) (Version:  - )
Razer Imperator (HKLM\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Synapse (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24565 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK Inc..)
REAPER (HKLM\...\REAPER) (Version:  - )
Redneck Rampage Collection (HKLM\...\Redneck Rampage Collection_is1) (Version:  - GOG.com)
Renegade X Black Dawn (HKLM\...\UDK-5848cd63-de6d-4847-9e8d-6abc3bcd6aef) (Version:  - Epic Games, Inc.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 Benchmark (HKLM\...\{0343CD8E-625A-47FF-BC7E-92BCDF2E5929}) (Version: 1.00.0000 - CAPCOM CO., LTD.)
Resident Evil 6 version 1 (HKLM\...\UmVzaWRlbnQgRXZpbCA2_is1) (Version: 1 - )
Resident Evil Revelations (HKLM\...\Resident Evil Revelations_is1) (Version:  - Capcom)
Resident Evil: Operation Raccoon City (HKLM\...\{43430FA1-12BB-4D88-862E-4F1000008400}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
RetroShare (HKLM\...\RetroShare) (Version:  - )
REX 4 - Texture Direct (HKLM\...\{CACCC25C-70B5-4FD1-AF01-10D11B87DED8}) (Version: 4.0.2013.1215 - REX Game Studios, LLC.)
rFactor Demo (HKLM\...\Steam App 353320) (Version:  - Image Space Incorporated)
Rise of the Triad (HKLM\...\GOGPACKROTT2013_is1) (Version: 2.1.0.6 - GOG.com)
RivaTuner Statistics Server 6.2.0 (HKLM\...\RTSS) (Version: 6.2.0 - Unwinder)
RMPrepUSB (HKLM\...\RMPrepUSB) (Version:  - )
RollerCoaster Tycoon 2 Triple Thrill Pack (German) (HKLM\...\GOGPACKRCT2_is1) (Version: 2.0.0.6 - GOG.com)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
RollerCoaster Tycoon Deluxe (German) (HKLM\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] (HKLM\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.01 - bitComposer Games)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Saints Row The Third (HKLM\...\Saints Row The Third_is1) (Version:  - )
Sang-Froid - Tales of Werewolves Demo (HKLM\...\Steam App 261240) (Version:  - Artifice Studio)
SCANIA Truck Driving Simulator 1.0.0 (HKLM\...\SCANIA Truck Driving Simulator) (Version: 1.0.0 - SCS Software)
Schlag den Raab - Das 3. Spiel (HKLM\...\SDR3) (Version: 1.0 - Sproing Interactive GmbH)
Schlagwortsuche 1.14 (HKLM\...\Schlagwortsuche_is1) (Version:  - Joachim Koopmann Software)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SILENT HILL 4 (HKLM\...\{00BD992A-D4C7-447D-8AA1-60B5759EA30D}) (Version: 1.00.000 - )
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Singularity(TM) (HKLM\...\InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}) (Version: 1.00.0000 - Activision)
SiSoftware Sandra Lite 2014.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.28.2014.5 - SiSoftware)
SMAC 2.7 (HKLM\...\SMAC 2.7) (Version:  - )
Sniper - Ghost Warrior (HKLM\...\Sniper - Ghost Warrior_is1) (Version:  - )
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version:  - Rebellion)
Sniper: Ghost Warrior - Map Pack (HKLM\...\Sniper - Ghost Warrior - Map Pack/EN-English_is1) (Version:  - City Interactive)
SniperEliteV2 Benchmark 1.05 (HKLM\...\{2BA01EC9-E9F3-453C-AF5B-51E87FD4A0F1}) (Version: 1.05.0000 - Rebellion)
Software Director (HKLM\...\Cloanto Software Director) (Version: 3.8.8.0 - Cloanto Corporation)
Sonic the Hedgehog 4 - Episode II (c) SEGA version 1 (HKLM\...\Sonic the Hedgehog 4 - Episode II (c) SEGA_is1) (Version: 1 - )
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spintires (HKLM\...\Spintires_is1) (Version:  - )
Splinter Cell: Blacklist (HKLM\...\{28B718F4-73E8-4541-909C-0BA05F7402C2}_is1) (Version: 1.01 - Ubisoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.80 - Crawler.com)
SRWare Iron Version SRWare Iron 41.2200.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 41.2200.0 - SRWare)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound with Update 9.5 (HKLM\...\Starbound with Update 9.5) (Version: with Update 9.5 - by Unterbilker)
Starcraft (HKLM\...\Starcraft) (Version:  - )
StarCraft™ II Wings of Liberty (HKLM\...\{7586F650-5D7F-471a-941E-FEF33E580524}_is1) (Version: 1.3.6 - QfG)
StarWind V2V Image Converter V5.6 (build 2011-05-10) (HKLM\...\StarWind Converter_is1) (Version:  - StarWind Software)
StaudSoft's Synthetic World Demo (HKLM\...\Steam App 344920) (Version:  - StaudSoft)
Stone Giant 1.0 (HKLM\...\{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1) (Version:  - BitSquid & Fatshark)
Streamripper (Remove only) (HKLM\...\Streamripper) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM\...\Syndicate_is1) (Version:  - )
System Shock2 Demo (HKLM\...\SShockDeinstallKey) (Version:  - )
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
Technitium MAC Address Changer v6.0.5 (HKLM\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Teenagent (HKLM\...\GOGPACKTEENAGENT_is1) (Version: 2.0.0.12 - GOG.com)
Telefonbuch für Deutschland (HKLM\...\Telefonbuch für Deutschland) (Version:  - )
Test Drive Unlimited 2 (HKLM\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
Test Drive: Ferrari Racing Legends (HKLM\...\Test Drive: Ferrari Racing Legends_is1) (Version:  - )
The Dude (HKLM\...\Dude) (Version:  - )
The LEGO Movie - Videogame (HKLM\...\The LEGO Movie - Videogame_is1) (Version:  - Warner Bros. Interactive Entertainment)
The Lost Watch II NV 3D Screensaver 1.0 (HKLM\...\The Lost Watch II NV 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
The Night of the Rabbit Demo (HKLM\...\Steam App 241890) (Version:  - Daedalic Entertainment)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
Theme Hospital (HKLM\...\Theme Hospital_is1) (Version:  - GOG.com)
Tom Clancy's Rainbow Six Vegas 2 (HKLM\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft)
Tor (remove only) (HKLM\...\Tor) (Version:  - )
Tormentum - Dark Sorrow Demo (HKLM\...\Steam App 347680) (Version:  - OhNoo Studio)
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trials Evolution Gold Edition (HKLM\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.1 - Ubisoft)
Trials Evolution Gold Edition (Version: 1.0.0.1 - Ubisoft) Hidden
Tribler (HKLM\...\Tribler) (Version: 6.4.3 - The Tribler Team)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
Unigine Valley Benchmark version 1.0 (HKLM\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Unreal Gold (HKLM\...\Unreal Gold_is1) (Version:  - GOG.com)
Unreal Tournament  – Game of the Year Edition (HKLM\...\Unreal Tournament  – Game of the Year Edition_is1) (Version:  - GOG.com)
Unreal Tournament 2003 (HKLM\...\UT2003) (Version:  - )
Unreal Tournament 2004 (HKLM\...\Unreal Tournament 2004_is1) (Version:  - GOG.com)
Unreal Tournament 3 Black Edition (HKLM\...\Unreal Tournament 3 Black Edition_is1) (Version:  - )
Uplay (HKLM\...\Uplay) (Version: 4.9 - Ubisoft)
Uplink (HKLM\...\Uplink_is1) (Version:  - GOG.com)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual CD v10 (HKLM\...\{10C51313-A308-4B40-90E3-B368D5882660}) (Version: 10.10.14 - H+H Software GmbH)
Vistumbler (HKLM\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Basic 5.0 (HKLM\...\ST5UNST #1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMware Workstation (HKLM\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VPNTunnel 2.0.1.0 (HKLM\...\VPNTunnel) (Version: 2.0.1.0 - )
VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
War Thunder Launcher 1.0.1.322 (HKLM\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WaveLab 6 (HKLM\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.8.8.8.MultiLanguage - COOLWAREMAX)
Western Railway NV 3D Screensaver 2.0 (HKLM\...\Western Railway NV 3D Screensaver_is1) (Version: 2.0 - 3Planesoft)
Westwood Chat (HKLM\...\Westwood Chat_is1) (Version:  - )
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Wing Commander III (HKLM\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
Wings 3D 1.5.2 (HKLM\...\Wings 3D 1.5.2) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinPlay3 (HKLM\...\WinPlay3) (Version:  - )
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.1 (HKLM\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
Wireshark 1.12.3 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)
Wolfenstein 1.11(CREATED BY XEONKING©) (HKLM\...\Wolfenstein 1.11_is1) (Version:  - )
World Racing (HKLM\...\InstallShield_{B151F020-1DEE-4716-944F-2759FC3C51DA}) (Version: 1.01.01 - SYNETIC)
World Racing (Version: 1.01.01 - SYNETIC) Hidden
Worms Reloaded (HKLM\...\Worms Reloaded_is1) (Version:  - )
Wuala (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\Wuala) (Version: 1.0.444.0 - LaCie)
x86crt (HKLM\...\{50CBA9D7-4A12-44CA-8E75-9FD7374FBD12}) (Version: 1.0.0 - Microsoft)
XEOX Gamepad SL-6556-BK (HKLM\...\{5E7F3FD4-503B-4451-B2EB-AC8C82DBA32F}) (Version: 1.00.0000 - )
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
yEd Graph Editor 3.13 (HKLM\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)
You Don't Know Jack 4 1.00 (HKLM\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive)
Your Freedom 20140128-01 (HKLM\...\Your_Deploy_0) (Version:  - )
Ys Origin English Edition v1.1 - Uninstallation (HKLM\...\Ys Origin English Edition v1.1 - Uninstallation) (Version:  - )
Zak McKracken - Between Time and Space (HKLM\...\Zak McKracken - Between Time and Space) (Version:  - )
Zattoo Live TV (HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zip Motion Block Video codec (Remove Only) (HKLM\...\ZMBV) (Version:  - DOSBox Team)
ZoneAlarm Antivirus (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM\...\ZoneAlarm Extreme Security) (Version: 13.2.015.000 - Check Point)
ZoneAlarm Find My Laptop (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{2BFFE1F1-509C-5018-A65D-701A661E27A7}\InprocServer32 -> C:\Users\Friedrich\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll (JPL/NASA-Caltech)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642466463-2128021046-2334674927-1002_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-03-2015 07:49:55 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-03-19 11:38 - 2015-03-25 05:16 - 00524831 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {77F35997-F6F3-4A1B-A6EF-DCB05DBF7FCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {8DBE0222-73D8-4AC7-BCD5-659CD14297A0} - System32\Tasks\{BF9086B8-0A25-4AB1-8F13-BBB7BC85052F} => pcalua.exe -a C:\Users\Friedrich\Desktop\setup.exe -d C:\Users\Friedrich\Desktop
Task: {F0EBA85F-D539-4520-B198-A26C60FF4DED} - System32\Tasks\{2B4B59FD-A0E1-438D-8B62-9502AF180507} => pcalua.exe -a "E:\Programme\Outlook Express\setup50.exe" -d "E:\Programme\Outlook Express"
Task: {F3596DCE-98A3-45AC-B9EC-3B5823977BDB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2014-01-11 03:10 - 2015-02-05 19:27 - 00108864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-08-25 12:15 - 2014-08-25 12:15 - 00022736 _____ () C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
2014-03-16 05:52 - 2008-08-18 16:08 - 00050688 _____ () C:\Program Files\Virtual CD v10\System\ogg.dll
2014-03-16 05:52 - 2008-08-18 16:11 - 01237504 _____ () C:\Program Files\Virtual CD v10\System\vorbis.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files\VMware\VMware Workstation\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:06A7F9ED
AlternateDataStreams: C:\ProgramData\TEMP:8FCD8443
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
AlternateDataStreams: C:\ProgramData\TEMP:DA5888A7
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3642466463-2128021046-2334674927-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.44.44

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3642466463-2128021046-2334674927-500 - Administrator - Disabled)
Gast (S-1-5-21-3642466463-2128021046-2334674927-501 - Limited - Disabled)
Friedrich (S-1-5-21-3642466463-2128021046-2334674927-1002 - Administrator - Enabled) => C:\Users\Friedrich

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/25/2015 07:57:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/25/2015 07:57:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/25/2015 07:57:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3293.82 MB
Available physical RAM: 1977.87 MB
Total Pagefile: 3342.12 MB
Available Pagefile: 2122.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.57 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:2048 GB) (Free:89.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Medien Datenträger) (Fixed) (Total:1863.01 GB) (Free:332.27 GB) NTFS
Drive f: (Backup Datenträger RED 3TB) (Fixed) (Total:2048 GB) (Free:327.4 GB) NTFS
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (64bitGaming) (Fixed) (Total:1862.92 GB) (Free:1543.44 GB) NTFS
Drive x: (RamDisk) (Fixed) (Total:3.89 GB) (Free:3.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 379CF46E)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 02962212)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0FD998DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 03AA03A9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 3.9 GB) (Disk ID: BCB028AD)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
PS: All applications are closed when these connection attempts occur; sometimes nothing happens for 10 min. either, i.e. the host connecting to some cash sites.
At system start I noticed that dedi97.sakuraserver.co and the host.bogiehosting.net site are called first of all. I have of course put them on the hosts list for blocking.
In the attachment (screenshot) I have shown the process through which the connections were established at that time.
Thumbnails of attached images
svchost.exe greift auf clickhosterseiten zu (im hintergrund)-prozess-id-betracht.jpg  
__________________
Where do you want to go today?

25.03.2015, 18:39   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Is the proxy in FF intentional?

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Please download the Emsisoft Emergency Kit from here: Emsisoft Emergency Kit Download.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, EEK is ready to scan.
  • Now please follow the illustrated guide to the Emergency Kit, remove all findings and post the log at the end of the scan or cleanup.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.03.2015, 15:15   #11
Friedrich_
 



Yes, the proxy is intentional!

FRST Fix-LOG
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Friedrich at 2015-03-26 00:23:08 Run:1
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: Friedrich)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
Emptytemp:
*****************

rpcapd => Service deleted successfully.
EmptyTemp: => Removed 109.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:23:14 ====
         
Emsisoft Emergency Kit 9.0-LOG
Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 26.03.2015 00:38:30
Benutzerkonto: DSLSERVICE\Friedrich

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, H:\, I:\, X:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	26.03.2015 00:52:35
C:\Users\Friedrich\AppData\Roaming\ActiveX\plugins\opencl\ 	gefunden: Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\plugins\phatk2\ 	gefunden: Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\ax.bat 	gefunden: Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\phoenix.cfg 	gefunden: Trojan.Win32.Miner (A)
Value: HKEY_USERS\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/lsasecretsview.exe 	gefunden: Application.Nirsoft.K (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/mailpv.exe 	gefunden: Gen:Variant.Application.NirSoft.1 (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/mspass.exe 	gefunden: Gen:Application.Heur.emKfkOTC9tdO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/netpass.exe 	gefunden: Gen:Application.Heur.dmLfkmmPaPpO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/operapassview.exe 	gefunden: Application.Nirsoft.K (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/pstpassword.exe 	gefunden: Gen:Application.Heur.cmKfkavUy1fO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/rdpv.exe 	gefunden: Gen:Application.Heur.bmKfbW76vOjO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/routerpassview.exe 	gefunden: Gen:Application.Heur.emLfk4FizegO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/vncpassview.exe 	gefunden: Gen:Application.Heur.dq0@kyQo7tdO (B)
C:\Users\Friedrich\Desktop\nirsoft_package_1.19.21 150freewareprogramm im launcher.zip -> NirSoft/wirelesskeyview.exe 	gefunden: Application.Nirsoft.K (B)
C:\Users\Public\Documents\RootGenius\29 -> 29.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\30 -> 30.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\31 -> 31.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\32 -> 32.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\34 -> 34.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\35 -> 35.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\40 -> 40.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\44 -> 44.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-20\cdr -> META-INF/CERT.RSA 	gefunden: Android.Exploit.MasterKey.B (B)
C:\Users\Public\Documents\RootGenius\id-29\29.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-30\30.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-31\31.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-32\32.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-34\34.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-35\35.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-40\40.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-44\44.dll 	gefunden: Gen:Variant.Graftor.171318 (B)
I:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe 	gefunden: Application.Win32.InstallTool (A)
I:\Program Files\CheckPoint\ZAForceField\CUninstaller.exe 	gefunden: Application.Win32.InstallTool (A)

Gescannt	1628000
Gefunden	37

Scan-Ende:	26.03.2015 06:37:43
Scan-Zeit:	5:45:08

C:\Users\Public\Documents\RootGenius\id-44\44.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-40\40.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-35\35.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-34\34.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-32\32.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-31\31.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-30\30.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-29\29.dll	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\id-20\cdr	Quarantäne Android.Exploit.MasterKey.B (B)
C:\Users\Public\Documents\RootGenius\44	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\40	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\35	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\34	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\32	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\31	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\30	Quarantäne Gen:Variant.Graftor.171318 (B)
C:\Users\Public\Documents\RootGenius\29	Quarantäne Gen:Variant.Graftor.171318 (B)
Value: HKEY_USERS\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3642466463-2128021046-2334674927-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\phoenix.cfg	Quarantäne Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\ax.bat	Quarantäne Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\plugins\phatk2\	Quarantäne Trojan.Win32.Miner (A)
C:\Users\Friedrich\AppData\Roaming\ActiveX\plugins\opencl\	Quarantäne Trojan.Win32.Miner (A)

Quarantäne	24
         
Except for the false positives (NirSoft and ZoneAlarm findings), I moved everything into quarantine.
I had hoped so, but unfortunately this Trojan.Win32.Miner ActiveX was not responsible for the svchost accesses :-(. They are still occurring.
Regards

PS: I was also informed yesterday evening by Telekom Abuse that spam mails have been sent via my connection, which is probably related. At the moment, however, Wireshark shows no such behaviour.
__________________
Where do you want to go today?

Edited by Friedrich_ (26.03.2015 at 15:29) Reason: PS:

26.03.2015, 19:35   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Change all passwords from another computer. Then let's take a look from the outside:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • During boot-up, press the F8 key several times.
  • Now select Repair your computer.
  • Select your operating system and user account, clicking "Next" each time.
With the Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on the computer repair options!
  • Select your operating system and user account, clicking "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here you will see the drive letter of your USB stick; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post the contents here, in code tags if possible (guide).

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.03.2015, 22:51   #13
Friedrich_
 
re6



Hello,
I located the removable drive using "wmic logicaldisk get deviceid, volumename, description" as a DOS command.
The Repair your computer option only appeared when booting from the CD (not via F8).

FRST Bootscan-LOG

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by SYSTEM on MININT-G1E912R on 26-03-2015 22:35:41
Running from I:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VC10Player] => C:\Program Files\Virtual CD v10\System\VC10Play.exe [411976 2011-10-19] (H+H Software GmbH)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\AKL\AkSA.exe [638584 2014-05-14] (Check Point Software Technologies LTD)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [590144 2015-02-28] (Razer Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Friedrich\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\Friedrich\...\Policies\system: [LogonHoursAction] 2
HKU\Friedrich\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\allSnap.lnk
ShortcutTarget: allSnap.lnk -> C:\Program Files\allSnap\allSnap.exe (Ivan Heckman)
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
BootExecute: autocheck autochk * OODBS

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
S2 DokanMounter; C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [22736 2014-08-25] ()
S4 EMET_Service; C:\Program Files\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-02-09] (Futuremark)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation)
S3 IswSvc; C:\Program Files\CheckPoint\AKL\AkSVC.exe [749176 2014-05-14] (Check Point Software Technologies LTD)
S4 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-03-23] (McAfee, Inc.)
S2 nlndis; C:\Program Files\NetLimiter Ndis Miniport Service\nlndis.exe [32768 2011-10-05] (Locktime Software)
S3 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1126400 2013-02-20] (Locktime Software)
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2505160 2013-01-07] (O&O Software GmbH)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 Realtek87B; C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
S3 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [1998672 2015-02-05] (Crawler Group)
S2 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2011-10-19] (H+H Software GmbH)
S2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
S2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
S2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
S2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 WZCOOK; C:\Users\Friedrich\Desktop\Exploit Sets\aircrack 2.1\win32\wzcook.exe [40960 2004-10-01] ()
S2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)
S2 ZoneAlarm AntiTheft; C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe [3128968 2014-05-30] (Check Point Software Technologies Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-25] (Emsisoft GmbH)
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [105680 2014-08-25] (Windows (R) Win 7 DDK provider)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 GKBFltr; C:\Windows\System32\Drivers\GameKB.sys [19328 2009-12-29] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [13952 2010-03-10] (H+H Software GmbH)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [532536 2012-09-01] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [25656 2012-09-01] (Intel Corporation)
S3 icsak; C:\Program Files\CheckPoint\AKL\ak\icsak.sys [39296 2014-05-14] (Check Point Software Technologies LTD)
S2 ISWKL; C:\Program Files\CheckPoint\AKL\ISWKL.sys [42880 2014-05-14] (Check Point Software Technologies LTD)
S0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
S3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-04-30] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2014-04-30] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144352 2014-04-30] (Kaspersky Lab ZAO)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-03-23] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2015-03-23] (McAfee, Inc.)
S3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5230088 2011-03-21] (Locktime Software)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [5281672 2011-03-21] (Locktime Software)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-04-20] (Cyberlink Corp.)
S2 ParagonLDM; C:\Windows\system32\drivers\biont_bs.sys [24512 2014-04-11] (Paragon Software GmbH)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2013-03-11] ()
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-17] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-02-05] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2014-11-17] (Razer, Inc.)
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2013-01-30] (Duplex Secure Ltd.)
S1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
S0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [88296 2014-11-22] (SuperSpeed LLC)
S0 SscRdCls; C:\Windows\System32\DRIVERS\SscRdCls.sys [40984 2007-12-19] (SuperSpeed LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-04-08] (The OpenVPN Project)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2013-12-26] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2013-12-26] ()
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [540168 2013-12-26] ()
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-22] (Paragon)
S1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [186392 2011-04-19] (H+H Software GmbH)
S3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
S2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
S2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
S2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
S3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-04-12] (CyberLink Corp.)
S3 catchme; \??\C:\Users\HAKENN~1\AppData\Local\Temp\catchme.sys [X]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO)
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 15:52 - 2015-03-26 15:52 - 00008538 _____ () C:\Users\Friedrich\Desktop\RKreport_SCN_03262015_154713.log
2015-03-26 15:31 - 2015-03-26 15:43 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-03-26 15:31 - 2015-03-26 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-26 00:33 - 2015-03-26 14:57 - 00000000 ____D () C:\EEK
2015-03-25 22:21 - 2015-03-25 22:22 - 18058361 _____ () C:\Users\Friedrich\Desktop\Roguekiller_10.5.7.zip
2015-03-25 22:20 - 2015-03-25 22:21 - 21096344 _____ (SUPERAntiSpyware) C:\Users\Friedrich\Desktop\SUPERAntiSpyware.exe
2015-03-25 22:17 - 2015-03-25 22:22 - 163616472 _____ () C:\Users\Friedrich\Desktop\EmsisoftEmergencyKit.exe
2015-03-25 08:46 - 2015-03-25 08:55 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Find-it
2015-03-25 08:45 - 2015-03-25 08:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.TAK
2015-03-23 09:32 - 2015-03-23 09:33 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-03-23 08:20 - 2015-03-23 08:20 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-23 06:22 - 2015-03-23 06:22 - 00648552 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2015-03-23 06:22 - 2015-03-23 06:22 - 00238288 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2015-03-23 06:22 - 2015-03-23 06:22 - 00091840 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2015-03-23 03:20 - 2015-03-25 07:46 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 03:07 - 2015-03-26 22:35 - 00000000 ____D () C:\FRST
2015-03-23 02:18 - 2015-03-23 09:37 - 00172576 _____ () C:\Users\Friedrich\Documents\pinfect.zip
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\System32\runouce.exe
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-03-23 00:40 - 2015-03-23 00:40 - 00000000 ____D () C:\Windows\logo_1.exe
2015-03-23 00:29 - 2015-03-23 09:36 - 00000054 _____ () C:\Windows\Lic.xxx
2015-03-23 00:29 - 2015-03-23 00:29 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\System32\eEmpty.exe
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-03-23 00:29 - 2015-03-23 00:29 - 00000000 ____D () C:\Program Files\Common Files\MicroWorld
2015-03-23 00:29 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\System32\Microsoft.VC80.CRT.manifest
2015-03-23 00:22 - 2015-03-26 14:54 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sammlung fürs Board
2015-03-22 20:37 - 2015-03-22 20:37 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-22 19:00 - 2015-03-22 19:00 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-22 18:29 - 2015-03-22 18:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 23:13 - 2015-03-20 23:13 - 00000000 ____D () C:\Program Files\Trend Micro
2015-03-20 22:57 - 2015-03-20 22:57 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2015-03-20 19:07 - 2015-03-20 19:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-19 01:28 - 2015-03-19 02:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\ThinkpadpunkteVideo
2015-03-19 00:53 - 2015-03-22 19:01 - 00429152 _____ () C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 00:52 - 2015-03-22 19:12 - 04703120 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-03-18 21:39 - 2010-04-07 02:29 - 00081920 _____ () C:\Windows\System32\GkSui20.EXE
2015-03-18 21:26 - 2015-03-16 18:44 - 00749664 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2015-03-18 21:25 - 2015-03-18 21:25 - 00000000 ____D () C:\Program Files\Oracle
2015-03-18 21:25 - 2015-03-16 18:42 - 00104384 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2015-03-18 21:17 - 2015-03-18 21:17 - 00000000 ____D () C:\Windows\System32\RTCOM
2015-03-18 21:16 - 2014-12-03 13:51 - 00927960 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInstII.dll
2015-03-18 21:16 - 2014-12-03 11:41 - 03365208 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHDA.sys
2015-03-18 21:16 - 2014-12-03 10:15 - 01485163 _____ () C:\Windows\System32\Drivers\RTAIODAT.DAT
2015-03-18 21:16 - 2014-12-02 11:42 - 02381680 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll
2015-03-18 21:16 - 2014-11-27 08:31 - 02510192 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO.dll
2015-03-18 21:16 - 2014-08-06 06:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll
2015-03-18 21:16 - 2014-04-10 05:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2015-03-18 21:16 - 2014-03-06 09:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl
2015-03-18 21:16 - 2014-02-18 10:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll
2015-03-18 21:16 - 2014-01-08 08:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\System32\MBWrp32.dll
2015-03-18 21:16 - 2013-01-11 09:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\System32\MBTHX32.dll
2015-03-18 21:16 - 2011-11-22 09:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll
2015-03-18 21:16 - 2010-11-08 00:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll
2015-03-18 21:16 - 2010-09-27 02:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2015-03-18 21:16 - 2009-12-04 08:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSHD.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP360.dll
2015-03-18 21:16 - 2009-11-24 02:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll
2015-03-18 21:16 - 2009-11-18 11:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\System32\WavesLib.dll
2015-03-18 21:16 - 2009-11-18 00:12 - 00024664 _____ (Creative Technology Ltd.) C:\Windows\System32\Drivers\MBfilt32.sys
2015-03-18 21:15 - 2014-06-06 17:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll
2015-03-18 21:15 - 2013-10-11 05:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2015-03-18 21:15 - 2012-03-08 04:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll
2015-03-18 20:49 - 2015-01-25 11:20 - 00000000 ____D () C:\Users\Friedrich\Desktop\Baphomets Fluch 1-5 Deutsch
2015-03-17 14:44 - 2015-03-18 17:10 - 329252864 _____ () C:\Users\Friedrich\Desktop\openSUSE-13.2-DVD-i586.iso
2015-03-17 14:37 - 2015-03-17 14:41 - 79691776 _____ () C:\Users\Friedrich\Desktop\CorePlus-current.iso
2015-03-16 18:42 - 2015-03-16 18:42 - 00115672 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2015-03-12 15:27 - 2015-03-26 15:53 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Everything
2015-03-11 20:41 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2015-03-11 20:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2015-03-11 20:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2015-03-11 20:41 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2015-03-11 20:02 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-03-11 20:02 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-03-11 20:02 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-03-11 20:02 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-03-11 20:02 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-03-11 20:02 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-03-11 20:02 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-03-11 20:02 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-03-11 20:02 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-03-11 20:02 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-03-11 20:02 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-03-11 20:02 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-03-11 20:02 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-03-11 20:02 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-03-11 20:02 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-03-11 20:02 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-03-11 20:02 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-03-11 20:02 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-03-11 20:02 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-03-11 20:02 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-03-11 20:02 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-03-11 20:02 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-03-11 20:02 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-03-11 20:02 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-03-11 20:02 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-03-11 20:02 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-11 20:02 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-11 20:02 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-03-11 20:02 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-03-11 20:02 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-03-11 20:02 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-03-11 20:02 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-03-11 20:02 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-03-11 20:02 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-03-11 20:02 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-03-11 20:02 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-03-11 20:02 - 2015-01-29 04:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2015-03-11 20:02 - 2015-01-29 04:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-03-11 20:02 - 2015-01-29 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-03-11 20:02 - 2015-01-29 04:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-03-11 20:02 - 2015-01-29 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-03-11 20:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-03-11 20:01 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-03-11 20:01 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-03-11 20:01 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-03-11 20:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-03-11 20:01 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-03-11 20:01 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-03-11 20:01 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-03-11 20:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-03-11 17:12 - 2007-08-13 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\wmvdmoe.dll
2015-03-11 16:57 - 2015-03-11 17:03 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\WebcamZoneTrigger
2015-03-11 16:12 - 2015-03-11 16:12 - 00000000 ____D () C:\Users\Public\Documents\Xeoma
2015-03-11 12:19 - 2015-03-11 12:19 - 00000000 ____D () C:\Windows\System32\DCS
2015-03-11 01:10 - 2015-03-11 01:10 - 00003584 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-08 10:55 - 2015-03-08 10:55 - 06208736 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-08 10:55 - 2015-03-08 10:55 - 06057862 _____ (Tim Kosse) C:\Users\Friedrich\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2015-03-08 03:47 - 2015-03-08 03:47 - 00000216 _____ () C:\Users\Friedrich\Desktop\rFactor Demo.url
2015-03-08 02:02 - 2015-03-08 02:02 - 00000000 ____D () C:\Program Files\LEGO Batman 3 - Beyond Gotham
2015-03-06 05:12 - 2015-03-06 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apple Computer
2015-03-06 05:10 - 2015-03-06 05:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-06 05:08 - 2015-03-21 19:35 - 00000000 ____D () C:\Users\Friedrich\Desktop\LightWorks DE Tutorials
2015-03-06 04:28 - 2015-03-06 04:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-05 21:53 - 2015-03-05 21:53 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Stardock
2015-03-05 20:41 - 2015-03-13 19:42 - 00000000 ____D () C:\Users\Friedrich\Desktop\Chromanova.fm  - crazy freak dance 24-7-
2015-03-05 07:50 - 2015-03-05 07:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\com.ohnoo.TormentumDemo
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\Documents\SpriteLamp
2015-03-05 07:31 - 2015-03-05 07:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\SpriteLampWinforms
2015-03-05 06:58 - 2015-03-05 07:03 - 00000000 ____D () C:\Program Files\TClock
2015-03-05 06:04 - 2015-03-05 06:04 - 00000000 ____D () C:\Windows Anmeldesounds +Icons AlleSys Bildschirmschoner
2015-03-05 05:49 - 2015-03-05 05:49 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 __HDC () C:\ProgramData\{9C3F823B-4738-4CAF-A6B2-69E87FB636C0}
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2015-03-05 05:48 - 2015-03-05 05:48 - 00000000 ____D () C:\Program Files\Stardock
2015-03-05 05:28 - 2015-03-05 05:28 - 00000000 ____D () C:\Program Files\MPU
2015-03-05 05:20 - 2015-03-05 05:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Lern-o-Mat
2015-03-05 05:14 - 2015-03-05 05:14 - 00000000 ____D () C:\Program Files\DVDlabPro2
2015-03-05 05:13 - 2015-03-05 05:13 - 00000000 ____D () C:\Program Files\Doc Scrubber
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\jStrip
2015-03-05 05:12 - 2015-03-05 05:12 - 00000000 ____D () C:\Program Files\jStrip
2015-03-05 05:12 - 1999-10-30 02:00 - 00167936 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\System32\ccrpftv6.ocx
2015-03-04 06:03 - 2015-03-12 12:34 - 00000000 ____D () C:\Users\Friedrich\.mediathek3
2015-03-04 06:03 - 2015-03-04 06:03 - 00000000 ____D () C:\Program Files\Mediathekview
2015-03-03 19:32 - 2015-03-03 19:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2015-03-03 18:52 - 2015-03-03 18:54 - 63361024 _____ () C:\Users\Friedrich\Desktop\EpicGamesLauncherInstaller-2.0.0-2465596.msi
2015-03-02 07:05 - 2015-03-02 07:05 - 00000000 ____D () C:\Users\Friedrich\Documents\Bandicam
2015-03-02 07:04 - 2015-03-23 16:41 - 00000000 ____D () C:\Program Files\Bandicam
2015-03-02 07:04 - 2015-03-02 07:04 - 00000000 ____D () C:\Program Files\BandiMPEG1
2015-03-01 23:52 - 2015-03-01 23:52 - 00000000 ____D () C:\Users\Friedrich\Desktop\Silent Hill Downpour (Xbox 360 Gamerip)
2015-02-28 18:06 - 2015-02-05 18:51 - 00621384 _____ (NVIDIA Corporation) C:\Windows\System32\nvStreaming.exe
2015-02-28 18:05 - 2015-02-05 21:48 - 24768144 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 20465808 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 16016848 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10773520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 10713256 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 08473928 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 03247248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 01047880 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00931136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00912528 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3234752.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00909120 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00877816 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshim.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00399504 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00345928 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00305136 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim32.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00164568 _____ (NVIDIA Corporation) C:\Windows\System32\nvinit.dll
2015-02-28 18:05 - 2015-02-05 21:48 - 00161424 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda32v.sys
2015-02-28 18:05 - 2015-02-05 21:48 - 00027280 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap32.dll
2015-02-27 16:04 - 2015-02-27 19:00 - 00000000 ____D () C:\Program Files\EMET 5.1
2015-02-27 03:00 - 2015-02-27 03:00 - 00000216 _____ () C:\Users\Friedrich\Desktop\Tormentum - Dark Sorrow Demo.url
2015-02-26 18:36 - 2015-02-26 18:36 - 00000000 ____D () C:\Program Files\Cain
2015-02-24 19:24 - 2015-03-20 23:09 - 00000000 ____D () C:\Users\Friedrich\Documents\Survarium

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 22:28 - 2013-01-29 18:50 - 01308000 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 22:27 - 2013-01-30 06:57 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NetSpeedMonitor
2015-03-26 21:03 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 21:03 - 2009-07-14 05:34 - 00034848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 20:55 - 2013-02-17 07:38 - 00000000 ____D () C:\ProgramData\VMware
2015-03-26 20:54 - 2014-07-03 02:07 - 00068018 _____ () C:\Windows\setupact.log
2015-03-26 20:54 - 2014-01-11 03:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-26 20:54 - 2013-01-30 08:01 - 01854028 _____ () C:\Windows\System32\oodbs.lor
2015-03-26 17:12 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Sicherheitsprogramme
2015-03-26 17:11 - 2013-01-30 08:07 - 00000000 ____D () C:\Program Files\Steam
2015-03-26 17:07 - 2013-03-02 16:35 - 00000000 ____D () C:\Program Files\Pluto Client
2015-03-26 16:54 - 2013-01-30 01:31 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\KeePass
2015-03-26 15:57 - 2013-01-29 23:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 15:23 - 2013-01-30 04:08 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\vlc
2015-03-26 09:21 - 2014-09-12 18:50 - 00000000 ____D () C:\Users\Public\Documents\RootGenius
2015-03-26 09:21 - 2013-03-13 02:29 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\ActiveX
2015-03-26 05:07 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Exploit Sets
2015-03-26 00:10 - 2013-01-30 05:14 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-03-25 23:44 - 2013-11-22 18:50 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\AIMP3
2015-03-25 23:40 - 2013-02-06 01:52 - 00000000 ____D () C:\Program Files\THQ
2015-03-25 23:40 - 2013-01-30 02:18 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spiele
2015-03-25 23:29 - 2010-11-20 22:01 - 01639348 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-03-25 22:52 - 2013-01-30 06:49 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-03-25 22:49 - 2013-01-30 06:48 - 00000000 ____D () C:\Program Files\Spyware Terminator
2015-03-25 10:18 - 2014-07-05 01:41 - 00607810 _____ () C:\Windows\PFRO.log
2015-03-25 10:17 - 2013-02-05 00:25 - 00000000 ____D () C:\Program Files\stinger
2015-03-25 10:12 - 2013-06-04 01:27 - 00000000 ____D () C:\Stinger_Quarantine
2015-03-25 07:37 - 2014-07-05 01:31 - 00000000 ____D () C:\AdwCleaner
2015-03-25 06:56 - 2014-11-15 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-03-25 06:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-23 20:12 - 2014-01-11 01:33 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Apps\2.0
2015-03-23 20:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\users\Public
2015-03-23 20:08 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 16:50 - 2013-02-11 06:02 - 00000000 ____D () C:\Users\Friedrich\Desktop\Magic.Games.II
2015-03-23 16:41 - 2013-01-30 06:17 - 00000000 ____D () C:\Program Files\mIRC
2015-03-23 16:39 - 2013-02-18 03:52 - 00000000 ____D () C:\Program Files\Dead Space 3 Limited Edition uncut
2015-03-23 16:39 - 2013-02-09 08:44 - 00000000 ____D () C:\Program Files\Magic The Gathering - Duels of the Planeswalkers
2015-03-23 16:39 - 2013-02-04 05:20 - 00000000 ____D () C:\Program Files\Serials World
2015-03-23 16:38 - 2014-01-29 18:03 - 00000000 ____D () C:\Program Files\DLH98
2015-03-23 16:37 - 2013-01-31 03:54 - 00000000 ____D () C:\Program Files\DiRT 3
2015-03-23 16:34 - 2014-07-06 04:05 - 00000000 ____D () C:\Program Files\Assetto Corsa
2015-03-23 16:34 - 2013-02-11 03:53 - 00000000 ____D () C:\Program Files\Ricochet Infinity
2015-03-23 16:33 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\HD Video Repair Utility
2015-03-23 16:33 - 2013-03-02 16:32 - 00000000 ____D () C:\Program Files\Portrait Professional Studio 9
2015-03-23 08:21 - 2013-01-30 01:20 - 00042334 _____ () C:\Users\Friedrich\NeueDatenbank.kdbx
2015-03-23 08:21 - 2013-01-29 18:50 - 00000000 ____D () C:\users\Friedrich
2015-03-23 06:15 - 2014-03-23 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 06:00 - 2014-03-23 15:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-03-23 04:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF
2015-03-23 02:47 - 2014-11-16 21:36 - 00000000 ____D () C:\Program Files\Spezial 5.0
2015-03-22 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-22 22:10 - 2013-01-30 01:23 - 00000000 ____D () C:\Users\Friedrich\Desktop\Weitere Programme
2015-03-22 21:36 - 2013-01-30 06:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\NoNameScript
2015-03-22 20:24 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\GalaxyClient
2015-03-22 19:59 - 2013-01-30 06:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\mIRC
2015-03-22 19:03 - 2013-01-30 03:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-22 18:56 - 2014-05-14 17:55 - 00000000 ____D () C:\Users\Friedrich\Desktop\Rap Mai 2014
2015-03-22 18:44 - 2013-02-06 04:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 18:23 - 2014-02-07 14:18 - 00000600 _____ () C:\Users\Friedrich\AppData\Roaming\winscp.rnd
2015-03-22 18:10 - 2014-08-20 05:17 - 00000000 ____D () C:\Windows\Minidump
2015-03-21 06:12 - 2013-01-30 05:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-20 22:23 - 2013-02-06 02:07 - 00000000 ____D () C:\Temp
2015-03-20 19:34 - 2014-05-04 18:34 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-03-20 18:06 - 2013-02-01 15:18 - 00000000 ____D () C:\Program Files\Vuze
2015-03-19 07:56 - 2013-01-29 23:12 - 00000000 ____D () C:\Windows\pss
2015-03-19 06:48 - 2013-03-25 17:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\NPE
2015-03-19 02:39 - 2013-03-04 20:10 - 00000000 ____D () C:\Program Files\KaloMa
2015-03-19 00:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-03-19 00:26 - 2014-06-16 02:02 - 00064681 ____H () C:\Windows\System32\BTImages.dat
2015-03-19 00:25 - 2013-01-25 15:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-19 00:21 - 2013-02-04 05:24 - 00000000 ____D () C:\Program Files\USB Deview
2015-03-19 00:20 - 2014-09-14 21:01 - 00000000 ____D () C:\Program Files\Bluescreen View
2015-03-19 00:20 - 2014-02-14 02:24 - 00000000 ____D () C:\Program Files\DriverView v1.45
2015-03-18 22:11 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FileZilla
2015-03-18 21:27 - 2014-02-24 06:30 - 00000000 ____D () C:\Users\Friedrich\.VirtualBox
2015-03-18 21:17 - 2013-01-25 15:37 - 00000000 ___HD () C:\Program Files\Temp
2015-03-18 21:04 - 2013-02-01 15:18 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Azureus
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\VMware
2015-03-18 18:45 - 2013-02-17 08:12 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VMware
2015-03-16 21:48 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Mädels u. Chatter
2015-03-16 14:56 - 2015-02-09 11:04 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.Tribler
2015-03-15 13:50 - 2013-01-31 03:07 - 00000000 ____D () C:\Program Files\Trillian
2015-03-14 17:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-12 16:44 - 2014-08-17 15:52 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Adobe
2015-03-12 16:44 - 2013-01-29 22:44 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-03-12 16:44 - 2013-01-29 22:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-03-12 15:27 - 2013-02-01 15:44 - 00000000 ____D () C:\Program Files\Search Everything
2015-03-12 15:24 - 2013-03-19 12:11 - 00000000 ____D () C:\Windows\System32\MAGIX
2015-03-12 01:23 - 2013-02-01 16:32 - 00000000 ____D () C:\ProgramData\Origin
2015-03-11 20:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2015-03-11 20:32 - 2014-02-19 19:09 - 00000000 ___RD () C:\Users\Friedrich\Virtual Machines
2015-03-11 20:17 - 2013-08-03 23:48 - 00000000 ____D () C:\Windows\System32\MRT
2015-03-11 15:19 - 2013-01-29 22:28 - 00007655 _____ () C:\Users\Friedrich\AppData\Local\Resmon.ResmonCfg
2015-03-11 13:36 - 2014-07-24 00:39 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\.minecraft
2015-03-11 13:26 - 2013-02-07 04:13 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Razer
2015-03-11 13:26 - 2013-02-07 04:12 - 00000000 ____D () C:\ProgramData\Razer
2015-03-11 13:26 - 2013-01-30 05:03 - 00000000 ____D () C:\Program Files\Razer
2015-03-11 12:11 - 2013-08-21 03:42 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\midori
2015-03-11 02:35 - 2013-02-06 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-10 04:18 - 2014-06-24 16:21 - 00000000 ____D () C:\Program Files\SRWare Iron
2015-03-09 09:57 - 2013-04-11 01:04 - 00000000 ____D () C:\Program Files\SpeedFan
2015-03-09 08:08 - 2014-08-23 16:30 - 00000000 ____D () C:\Users\Friedrich\Desktop\New Handy Root und ähnliches Tutorials
2015-03-08 10:56 - 2013-07-16 15:55 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-08 04:48 - 2014-01-22 17:33 - 00000000 ____D () C:\Users\Friedrich\.dbus-keyrings
2015-03-08 04:25 - 2014-07-15 21:51 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-03-08 02:35 - 2013-11-19 10:19 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-03-06 05:11 - 2013-02-14 06:50 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-06 04:28 - 2013-09-19 21:42 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-06 04:25 - 2014-01-15 06:51 - 00096680 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2015-03-06 04:25 - 2013-03-05 05:07 - 00000000 ____D () C:\Program Files\Java
2015-03-05 08:01 - 2013-08-13 00:14 - 00000000 ____D () C:\Users\Friedrich\Documents\3DMark
2015-03-05 07:58 - 2014-06-16 05:52 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-03-05 05:28 - 2013-02-05 07:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-03-05 05:11 - 2013-02-07 01:16 - 00000000 ____D () C:\Westwood
2015-03-05 03:01 - 2014-04-11 03:10 - 00000000 ____D () C:\Program Files\prime95 v279
2015-03-05 02:40 - 2015-02-11 15:43 - 00000000 ____D () C:\Users\Friedrich\Desktop\Spionaufnahmen mit LifeCam
2015-03-05 02:18 - 2015-02-12 12:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\GetRight
2015-03-04 05:16 - 2014-03-11 20:56 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\MPC-HC
2015-03-04 01:56 - 2013-02-01 16:32 - 00000000 ____D () C:\Program Files\Origin
2015-03-04 00:57 - 2013-07-24 22:30 - 00000000 ____D () C:\HammerAutosave
2015-03-03 18:13 - 2013-11-22 18:50 - 00000000 ____D () C:\Program Files\AIMP3
2015-03-02 18:21 - 2013-01-30 02:15 - 00000000 ____D () C:\Users\Friedrich\Desktop\Ernährung u Sportinfos zusatz zur MAPPE
2015-03-02 02:15 - 2013-02-26 18:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Audacity
2015-03-02 02:11 - 2013-02-26 18:36 - 00000000 ____D () C:\Program Files\Audacity
2015-03-01 23:47 - 2015-02-12 12:21 - 00000000 ____D () C:\ProgramData\GetRight
2015-02-28 19:33 - 2013-02-03 00:02 - 02712576 _____ () C:\Users\Friedrich\AppData\Local\file__0.localstorage
2015-02-28 17:10 - 2013-05-10 04:41 - 00000000 ____D () C:\Program Files\IsoBuster
2015-02-27 17:38 - 2013-01-30 01:44 - 00000000 ____D () C:\Users\Friedrich\Desktop\Canon Shots
2015-02-27 16:52 - 2013-02-01 16:51 - 00000000 ____D () C:\Program Files\Futuremark
2015-02-27 03:26 - 2013-02-26 18:48 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-02-27 03:20 - 2013-02-26 18:48 - 00000000 ____D () C:\Program Files\Lightworks
2015-02-26 21:20 - 2011-04-28 16:10 - 119837696 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-25 03:10 - 2014-06-28 07:22 - 00000000 ____D () C:\Users\Friedrich\Documents\EthanMeteorHunterDemo
2015-02-25 01:15 - 2013-01-30 01:16 - 00000000 ____D () C:\Users\Friedrich\Martin Krüger
2015-02-25 01:14 - 2013-05-24 01:11 - 00000132 _____ () C:\Users\Friedrich\AppData\Roaming\Adobe PNG Format CS5 Prefs

Files to move or delete:
====================
C:\Users\Friedrich\Bsb.exe
C:\Users\Friedrich\cc_20140124_180349.reg
C:\Users\Friedrich\cc_20140315_160443.reg
C:\Users\Friedrich\cc_20140718_151624.reg
C:\Users\Friedrich\cc_20140905_190648.reg
C:\Users\Friedrich\cc_20141008_060204.reg
C:\Users\Friedrich\IP_Log_Data.js
C:\Users\Friedrich\regsicherung.reg
C:\Users\Friedrich\Sicherung reg von CCleaner 2.reg


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-03-25 07:50:04

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 8141.82 MB
Available physical RAM: 7510.87 MB
Total Pagefile: 8140.11 MB
Available Pagefile: 7523 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.28 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:2048 GB) (Free:89.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup Datenträger RED 3TB) (Fixed) (Total:2048 GB) (Free:327.4 GB) NTFS
Drive e: (Medien Datenträger) (Fixed) (Total:1863.01 GB) (Free:332.27 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (64bitGaming) (Fixed) (Total:1862.92 GB) (Free:1543.44 GB) NTFS
Drive h: (GSP1RMCPRFRER_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF
Drive i: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 379CF46E)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 02962212)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 03AA03A9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0FD998DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 960 MB) (Disk ID: 004E1FE0)
Partition 1: (Active) - (Size=960 MB) - (Type=0B)


LastRegBack: 2015-03-26 07:00

==================== End Of Log ============================
         
--- --- ---
__________________
Where do you want to go today?

27.03.2015, 15:58   #14
schrauber
/// the machine
/// TB instructor
 




Please also do the following, in normal mode:

Open CMD and type:

bitsadmin /list /verbose > c:\bitsadmin.txt

Please post the contents of bitsadmin.txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.03.2015, 17:28   #15
Friedrich_
 

re7



Code:
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Listed 0 job(s).
         
__________________
Where do you want to go today?
