
Pests of all kinds and how to combat them: Spy Hunter 4 & iStartSurf

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

10.09.2014, 17:34   #1
Ratzi73
 



Hello everyone,

although I actually consider myself fairly careful (and sensible), iStartSurf led me to Spy Hunter 4, which promised to clean up my problems. When I was asked to pay for it I became skeptical, and I am now sure that I have picked up quite a few things.

Can you help me? Tell me how serious it really is.

Since I work during the day, I will not always be able to follow your instructions and post replies right away. Please bear with me.

Regards,
Thomas

Here are the results from "Farbar Recovery Scan Tool":
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Thomas Ratzke (administrator) on THOMASRATZKE-PC on 10-09-2014 18:25:40
Running from C:\Users\Thomas Ratzke\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A] => C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {9c11f84e-35ea-11e4-9322-806e6f6e6963} - D:\LaunchEAW.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\EAWXLauncher.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {fd879af9-6716-11e2-9f7d-406186748295} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Melanie Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4C5BC4C8-BA34-41C5-A20A-897A8166A4CF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {7A2E5123-B9D0-403B-B075-CBCF11F90167} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9ea514a0-ab3f-4281-93d8-ef5edad90d01&apn_sauid=BB8316B0-5C26-408F-B240-F9A7A0F6D6D7
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-09-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-02-13]
CHR Extension: (Google-Suche) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Google Play Music) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Thomas Ratzke\AppData\Local\Smartbar/Application\1Extension.crx []
CHR HKLM-x32\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\Thomas Ratzke\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx [2012-09-08]
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Thomas Ratzke\AppData\Local\Smartbar/Application\1Extension.crx [2012-09-08]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-06]
CHR StartMenuInternet: Google Chrome - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.istartsurf.com/?type=sc&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S4 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2010-08-30] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-06] (Cherished Technololgy LIMITED)
S4 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo) [File not signed]
S4 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2010-09-09] (Lenovo) [File not signed]
R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S4 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-06] (Fuyu LIMITED) [File not signed]
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1037312 2007-04-20] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] () [File not signed]
R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
U3 ayjn4f4a; C:\Windows\System32\Drivers\ayjn4f4a.sys [0 ] (Microsoft Corporation)
S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\RTKVHD64.sys F5872A11EB4F6DB170D636CD4E53CA9F
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NBVol.sys DACA803A8D732FE5EEAA024EC342F81D
C:\Windows\System32\DRIVERS\NBVolUp.sys 6208F622E9E35860DFB0753DFF56F0C0
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28ux.sys 618C55B392238B9467F9113E13525C49
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\npf.sys C31FA031335EFF434B2D94278E74BCCE
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys E20ABD5B229760158F753CA90B97E090
C:\Windows\System32\DRIVERS\nvlddmkm.sys 91C75FF8000C571CCDCB3D589A4AF0D5
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnic64.sys 68DD0457D18FCCEF7384AE84022F0C86
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scmndisp.sys 6011CDF54BB6F4C69F38FACCDAD73D7E
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\system32\drivers\usb8023x.sys 70D05EE263568A742D14E1876DF80532
C:\Windows\System32\DRIVERS\ustor2k.sys 88CE07826F25B851E824ED2E57106323
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\drivers\DDCDrv.sys 66C365B542195C1F6E2FF4A7D8F3827C
C:\Windows\SysWOW64\drivers\DDCDrv.sys 16EB81E08165D5B2BF18E9D50E35237F
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026
C:\Windows\System32\Drivers\ayjn4f4a.sys 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:25 - 2014-09-10 18:27 - 00045110 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 18:25 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST
2014-09-10 18:24 - 2014-09-10 18:25 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:58 - 2014-09-10 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:39 - 2014-09-10 18:03 - 00000112 _____ () C:\windows\setupact.log
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:25 - 2014-09-09 17:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-10 17:57 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:35 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153520.backup
2014-09-07 15:34 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153412.backup
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-06 20:43 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140906-204344.backup
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:41 - 2014-09-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-09-06 19:32 - 2014-09-06 19:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:16 - 2014-09-06 19:16 - 00004056 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 19:15 - 2014-09-06 19:35 - 00000000 ____D () C:\Program Files (x86)\ver9Re-markit
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf
2014-09-06 19:14 - 2014-09-06 19:34 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:12 - 2014-09-06 19:12 - 01527016 _____ () C:\Users\Thomas Ratzke\Downloads\Setup.exe
2014-09-05 20:02 - 2014-09-05 20:04 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:00 - 2014-09-05 20:04 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 19:59 - 2014-09-05 20:01 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-05 19:33 - 2014-09-05 19:35 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-03 18:06 - 2014-09-03 18:15 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 19:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-08-31 19:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-08-30 05:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-08-30 05:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-30 05:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-08-30 05:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-08-30 05:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-08-30 05:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-08-30 05:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-08-30 05:56 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-08-30 05:56 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-08-30 05:54 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 05:54 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 05:54 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 19:58 - 2014-08-29 20:27 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 19:58 - 2014-08-29 20:10 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:04 - 2014-08-29 17:07 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-27 10:39 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 10:39 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 10:39 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-27 10:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-16 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-16 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 00:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 00:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 00:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 00:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 00:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-16 00:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 00:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 00:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-16 00:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-16 00:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 00:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-16 00:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 00:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 00:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 00:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 00:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-16 00:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-16 00:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-16 00:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-16 00:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 00:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-16 00:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 00:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-16 00:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-16 00:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 00:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 00:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 00:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 00:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 00:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 00:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 00:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 00:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 00:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-16 00:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-16 00:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 00:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 00:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 00:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 00:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 00:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 00:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 00:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 00:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 00:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 00:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 00:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 00:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 00:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 00:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 00:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 00:36 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 00:36 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 00:36 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 00:36 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:27 - 2014-09-10 18:25 - 00045110 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 18:25 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST
2014-09-10 18:25 - 2014-09-10 18:24 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:20 - 2010-12-18 00:02 - 01248305 _____ () C:\windows\WindowsUpdate.log
2014-09-10 18:15 - 2011-04-20 22:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 18:15 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:15 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:14 - 2011-05-08 19:55 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job
2014-09-10 18:13 - 2014-07-09 09:13 - 00000298 _____ () C:\windows\Tasks\FF Watcher {2045BB1D-AD29-4B58-9A06-E8FC5881A1D8}.job
2014-09-10 18:10 - 2011-04-20 19:55 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{73A8952D-2499-43E8-851C-D88DA5E487FD}
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 18:04 - 2011-04-20 22:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 18:03 - 2014-09-10 17:39 - 00000112 _____ () C:\windows\setupact.log
2014-09-10 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:59 - 2014-09-10 17:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:57 - 2014-09-07 15:56 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:39 - 2013-03-16 11:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:34 - 2011-05-08 19:55 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job
2014-09-09 17:34 - 2011-04-21 21:09 - 00050176 _____ () C:\Users\Thomas Ratzke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 17:26 - 2014-09-09 17:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 18:08 - 2011-04-30 11:16 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\DVD Profiler
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-07 16:21 - 2010-12-18 00:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:53 - 2011-05-20 22:24 - 00003850 _____ () C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
2014-09-07 15:52 - 2013-03-16 11:53 - 00003824 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 15:37 - 2011-04-25 11:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:32 - 2014-05-23 21:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 07:30 - 2011-04-22 11:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Windows Live
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-07 07:28 - 2009-09-14 08:03 - 03030668 _____ () C:\windows\system32\perfh007.dat
2014-09-07 07:28 - 2009-09-14 08:03 - 00885842 _____ () C:\windows\system32\perfc007.dat
2014-09-07 07:28 - 2009-07-14 07:13 - 00006458 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-06 20:47 - 2011-04-25 11:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:48 - 2014-07-09 09:13 - 00000000 ____D () C:\Program Files\V-bates
2014-09-06 19:47 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:35 - 2014-09-06 19:15 - 00000000 ____D () C:\Program Files (x86)\ver9Re-markit
2014-09-06 19:34 - 2014-09-06 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:32 - 2014-09-06 19:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 19:23 - 2011-04-25 11:40 - 00000000 ____D () C:\windows\pss
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:16 - 2014-09-06 19:16 - 00004056 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf
2014-09-06 19:15 - 2013-05-25 12:51 - 00001655 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 19:15 - 2011-04-20 19:13 - 00002557 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
2014-09-06 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-06 19:12 - 2014-09-06 19:12 - 01527016 _____ () C:\Users\Thomas Ratzke\Downloads\Setup.exe
2014-09-06 18:43 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-06 18:42 - 2011-04-28 21:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 20:04 - 2014-09-05 20:02 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:04 - 2014-09-05 20:00 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 20:01 - 2014-09-05 19:59 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:35 - 2014-09-05 19:33 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-04 19:47 - 2014-07-09 09:13 - 00000045 _____ () C:\user.js
2014-09-03 18:15 - 2014-09-03 18:06 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 21:00 - 2011-04-22 11:40 - 00000000 ____D () C:\Users\Thomas Ratzke\E-Mail
2014-08-31 20:40 - 2013-03-02 15:25 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-30 05:50 - 2013-01-11 21:03 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-08-29 20:27 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:13 - 2011-04-29 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 20:12 - 2011-04-20 21:44 - 00000000 ____D () C:\Games
2014-08-29 20:10 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:17 - 2011-11-18 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-29 17:07 - 2014-08-29 17:04 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-23 17:33 - 2014-05-16 07:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 05:54 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 05:54 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 05:54 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 10:57 - 2011-05-09 19:00 - 00000000 ___RD () C:\Users\Melanie Ratzke\Virtual Machines
2014-08-16 09:39 - 2011-04-25 11:52 - 00000000 ___RD () C:\Users\Thomas Ratzke\Virtual Machines
2014-08-16 03:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 03:16 - 2013-08-15 09:56 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 03:09 - 2011-04-20 21:32 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 03:01 - 2014-05-08 03:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 19:44 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Avira

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


Some content of TEMP:
====================
C:\Users\Luke Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Thomas Ratzke\AppData\Local\Temp\SHSetup.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_is3F50.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_isB220.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {c0409723-0a72-11e0-b6cf-40618672ea2c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {c0409723-0a72-11e0-b6cf-40618672ea2c}
device                  ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {c0409721-0a72-11e0-b6cf-40618672ea2c}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {c0409724-0a72-11e0-b6cf-40618672ea2c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\boot.sdi



LastRegBack: 2014-07-28 12:43

==================== End Of Log ============================
         

10.09.2014, 17:38   #2
Warlord711
/// TB Instructor

Spy Hunter 4 & iStartSurf

Hello Ratzi73,

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Formatting is always the safest way.

We all "work" here voluntarily and in our free time *cough*. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, send me a PM.
If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.

Do you still have the Addition.txt for me?

10.09.2014, 17:41   #3
Ratzi73

Spy Hunter 4 & iStartSurf

Gladly!

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Thomas Ratzke at 2014-09-10 18:28:03
Running from C:\Users\Thomas Ratzke\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
ANNO 2070 DEMO (HKLM-x32\...\{3D035310-3D86-4537-93B5-D390A6CF1778}) (Version: 1.0.0.0 - Ubisoft)
Any Video Converter 5 5.0.3 (HKLM-x32\...\Any Video Converter 5_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dropbox (HKCU\...\Dropbox) (Version: 1.6.16 - Dropbox, Inc.)
Druckerdeinstallation für EPSON Stylus SX400 Series (HKLM\...\EPSON Stylus SX400 Series) (Version:  - SEIKO EPSON Corporation)
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
EA Download Manager (HKLM-x32\...\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.396 - Electronic Arts)
EA Download Manager (x32 Version: 4.0.0.396 - Electronic Arts) Hidden
EaseUS Partition Master 9.2.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Softworks)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.5.3 (HKCU\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.0.4.9 - Genesys Logic)
Gigaset QuickSync (HKLM\...\{18e951f2-329a-4ed2-833b-d980960db29e}) (Version: 8.2.0865.2 - Gigaset Communications GmbH)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Heroes of Might and Magic 5 (HKLM-x32\...\Steam App 15170) (Version:  - Ubisoft)
Heroes of Might and Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version:  - Ubisoft)
iClone v4.2 EX (HKLM-x32\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.2.1718.1 - Reallusion Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inhaltsmanager-Assistent für PlayStation(R) (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
iSkysoft DRM Removal(Build 1.1.0.0) (HKLM-x32\...\iSkysoft DRM Removal_is1) (Version:  - iSkysoft Software)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.17 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Treiber- und Anwendungsinstallation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Linkury Smartbar (HKLM-x32\...\{600C8CB1-CF58-4494-9B52-91D4D8782FFD}) (Version: 1.6.0.366 - Linkury Inc.) <==== ATTENTION
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{0BEB1F3E-D965-460B-B7D6-4E4B50A679A7}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{842030D5-3615-43D1-A0CB-644C8D70E957}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 15 Premium Sonderedition 8.5.0.28 (D) (HKLM-x32\...\MAGIX Video deluxe 15 Premium Sonderedition D) (Version: 8.5.0.28 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Demo) (HKLM-x32\...\{5B694269-60EF-44C2-8A3B-3DC28D02F104}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Designelemente) (HKLM-x32\...\{090D4332-7A77-4C17-B51D-E9F0C1406DF1}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Fotoshow Maker-Stile 1) (HKLM-x32\...\{E049787A-CA87-4FE6-A413-0FB7EBCB9273}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Fotoshow Maker-Stile 2) (HKLM-x32\...\{0E770203-9A9A-44B6-96EB-06FE6DD20AA9}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Individuelle Menüvorlagen) (HKLM-x32\...\{60748DD7-CDC0-4BE9-BC97-B34CB28BDE79}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Klangerzeuger) (HKLM-x32\...\{B153B45F-4539-4FB6-B4DA-5D6AD1778A0F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Menüvorlagen 1) (HKLM-x32\...\{365B539F-AC54-4DDB-95EB-70DF42A79EA6}) (Version: 1.1.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Menüvorlagen 2) (HKLM-x32\...\{6CECE788-573E-4184-B90C-026D931D6D6F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (NewBlueFX Lightning & Light Rays) (HKLM-x32\...\{2CB20F3B-FB80-47BC-BDAF-8A2D9A065A6D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (NewBlueFX Premium Effects) (HKLM-x32\...\{4C40A729-70DE-463C-820F-282F0039422A}) (Version: 1.1.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Adorage 11) (HKLM-x32\...\{76F8AA5E-7959-4964-9FF1-C9F1EB5DF882}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Heroglyph 2.6) (HKLM-x32\...\{4A150B32-0BE7-4480-82D1-3ED9B4D7870F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Mercalli 2) (HKLM-x32\...\{67031FA6-070F-4003-9541-72A61703353F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Reallusion iClone 4.2 Starter-Version) (HKLM-x32\...\{A025CC04-DE6B-47A6-9E00-4FF3743FE0C4}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Soundtrack Maker-Stile) (HKLM-x32\...\{FE8E514C-68AE-430A-BCFF-C4097B6D3866}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Titeleffekte) (HKLM-x32\...\{41BBE7BA-8C98-47CE-95A1-1C0B0245B007}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Tutorials) (HKLM-x32\...\{EE0BF74C-0D7A-4B82-9E12-0C65136CBCEF}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Überblendeffekte) (HKLM-x32\...\{02F0341B-EECC-4D3E-ACD8-FBF77C45DB5B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Vasco da Gama 4 HDPro) (HKLM-x32\...\{F0ED7F47-5194-417F-8FE6-C6358574BB9C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (XXL-Nachvertonungsarchiv 1) (HKLM-x32\...\{111DA346-B0FA-4B7F-BF5A-AE2ECAFB5BC5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (XXL-Nachvertonungsarchiv 2) (HKLM-x32\...\{17ED9EC6-C3E3-4D83-A3E7-84D7CAB04E8D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.11.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition Download-Version (x32 Version: 10.0.11.0 - MAGIX AG) Hidden
MAGIX Xtreme Foto Designer 6 6.0.27.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.27.0 - MAGIX AG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MYMOVIES) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Might & Magic Heroes VI - Game Official Demo (HKLM-x32\...\{A024B9E5-7702-4556-A7BF-A04BFF2DE5D8}) (Version: 1.0 - Ubisoft)
Might and Magic Heroes VI Demo (HKLM-x32\...\Steam App 48280) (Version:  - )
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
mufin player 2.5 (HKLM-x32\...\MAGIX_MSI_mufin_player_2_5) (Version: 2.5.1.248 - mufin GmbH)
mufin player 2.5 (x32 Version: 2.5.1.248 - mufin GmbH) Hidden
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Movies for Windows Media Center (HKLM-x32\...\{9A8B281C-1078-4BE5-8892-67F76B894C4E}) (Version: 3.2.0.0 - Binnerup Consult)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
Nero Blu-ray Player (x32 Version: 12.0.17700 - Nero AG) Hidden
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.19400 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode 11 (x32 Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NewBlue Light Rays for Magix (HKLM-x32\...\NewBlue Light Rays for Magix) (Version: 1.4 - NewBlue)
NewBlue Lightning for Magix (HKLM-x32\...\NewBlue Lightning for Magix) (Version: 1.4 - NewBlue)
NVIDIA 3D Vision Controller Driver (x32 Version: 259.83 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5983 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.270.54.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA Update 1.1.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
pdfforge Toolbar v5.8 (HKLM-x32\...\{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}) (Version: 5.8 - Spigot, Inc.) <==== ATTENTION
PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Power Dial (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 3.0.1.2126 - Lenovo)
Prey (HKLM-x32\...\Steam App 3970) (Version:  - Human Head)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: 2.6.32 - proDAD GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio BackOnTrack (HKLM-x32\...\{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}) (Version: 1.3.59.1 - Roxio)
Roxio BackOnTrack (x32 Version: 1.3.1 - Roxio) Hidden
Roxio File Backup (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.1.5.2 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 2.1.5.2 - Splashtop Inc.) Hidden
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.13 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.57.87843 - SugarSync, Inc.)
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
The GodFather (HKLM-x32\...\The GodFather) (Version:  - )
ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.1.0.090804 - Lenovo)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Vasco da Gama 4 HDPro (HKLM-x32\...\{05BBF12D-565E-4212-8BDD-C482C72866DD}) (Version: 4.00.0000 - MotionStudios)
Warhammer® 40,000™: Dawn of War® II - Single Player Demo (HKLM-x32\...\Steam App 15680) (Version:  - Relic)
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-08-2014 18:13:24 Installiert Dawn of War - Dark Crusade
30-08-2014 03:56:26 Windows Update
31-08-2014 17:21:30 Windows-Sicherung
31-08-2014 19:16:41 Windows Update
05-09-2014 17:25:08 Windows Update
05-09-2014 17:29:13 Installiert Star Wars Empire at War
05-09-2014 17:31:28 DirectX 9.0 wurde installiert
06-09-2014 16:45:48 DirectX wurde installiert
06-09-2014 17:13:44 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-07 15:35 - 00450770 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21A89B6C-0790-4C8E-A07E-8DDCB459033E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)
Task: {22A0719D-C9AD-431D-BD06-5BC98C7B7FA9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5FEF2A98-26DF-462E-BECA-2FE735102649} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6843F01E-E280-43C8-A99C-754C2C7F83F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30] (Google Inc.)
Task: {6A6CA0A2-0A16-4AC1-B7F2-8B83130A24D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {785CED3A-A2CA-4796-92BC-726153C3F162} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {7E91FD94-C7DE-42FD-9892-259B96CFE314} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)
Task: {830705EE-60F7-4F9B-AEC7-1DF95B97CB54} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AA319D91-B1DE-4C1B-A4D7-305F75E4891D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {C0A5E14C-243E-4010-A18E-DC200474BD05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C75B18B4-09C9-4518-981C-49C5B44AC909} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D55D07A2-C7B9-4BF7-BF47-E5DC83277E7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30] (Google Inc.)
Task: {D7816EB4-D76D-4390-BF17-74374B7F2FF9} - System32\Tasks\FF Watcher {2045BB1D-AD29-4B58-9A06-E8FC5881A1D8} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {EF55379A-60E7-42BF-9DD1-D0B73264760E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {F9E5A624-0EAA-490C-99A4-71D2979ED6A1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FF Watcher {2045BB1D-AD29-4B58-9A06-E8FC5881A1D8}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-08-21 12:33 - 2014-09-06 19:16 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-21 12:32 - 2014-09-06 19:16 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-06 19:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-06 19:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-06 19:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-06 19:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-06 19:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-21 12:33 - 2014-09-06 19:16 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-08-15 19:44 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 01098056 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 00174408 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 08577864 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 00331592 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 01660232 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CEEBC40A-FDED-4C59-B354-939132350B01 => 2
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LenovoCOMSvc => 2
MSCONFIG\Services: LitModeCtrl => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Inhaltsmanager-Assistent für PlayStation(R).lnk => C:\windows\pss\Inhaltsmanager-Assistent für PlayStation(R).lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Setup-Assistent.lnk => C:\windows\pss\NETGEAR WNA3100 Setup-Assistent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRServer.exe.lnk => C:\windows\pss\SRServer.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk => C:\windows\pss\Picture Motion Browser Medien-Prüfung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk => C:\windows\pss\Trillian.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Thomas Ratzke\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Thomas Ratzke\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Thomas Ratzke\AppData\Local\Smartbar\Application\Linkury.exe startup
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: dcmsvc => C:\Program Files (x86)\dcmsvc\dcmsvc.exe
MSCONFIG\startupreg: EA Core => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: Google Update => "C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A => "C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Lenovo Dynamic Brightness System => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
MSCONFIG\startupreg: Lenovo Eye Distance System => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
MSCONFIG\startupreg: mbot_de_60 => "C:\Program Files (x86)\mbot_de_60\mbot_de_60.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: ModeSwitch => "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
MSCONFIG\startupreg: MusicManager => "C:\Users\Thomas Ratzke\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: My Movies Tray => "C:\Program Files (x86)\My Movies for Windows Media Center\My Movies Tray.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Steam => "C:\Games\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~2\TrayServer.exe
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: UMonit => C:\windows\SysWOW64\UMonit.exe
MSCONFIG\startupreg: Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} => C:\Windows\test.bat
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

==================== Faulty Device Manager Devices =============

Name: iPodDrv
Description: iPodDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iPodDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 06:03:19 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (09/10/2014 06:03:19 PM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (09/10/2014 05:57:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\msiexec.exe /V; Beschreibung = Removed SpyHunter; Fehler = 0x80070422).

Error: (09/10/2014 05:55:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\msiexec.exe /V; Beschreibung = Removed SpyHunter; Fehler = 0x80070422).

Error: (09/10/2014 05:39:16 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (09/10/2014 05:39:16 PM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (09/09/2014 05:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0x1f38
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

Error: (09/09/2014 08:47:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (09/07/2014 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/07/2014 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: swfoc.exe, Version: 1.0.0.0, Zeitstempel: 0x4575fb3b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005b263
ID des fehlerhaften Prozesses: 0x144c
Startzeit der fehlerhaften Anwendung: 0xswfoc.exe0
Pfad der fehlerhaften Anwendung: swfoc.exe1
Pfad des fehlerhaften Moduls: swfoc.exe2
Berichtskennung: swfoc.exe3


System errors:
=============
Error: (09/10/2014 06:03:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 06:03:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/10/2014 06:03:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2014 05:47:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/10/2014 05:41:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 05:41:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/10/2014 05:40:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (09/10/2014 05:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 05:39:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/10/2014 05:39:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/10/2014 06:03:19 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: -1

Error: (09/10/2014 06:03:19 PM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: )
Description: 

Error: (09/10/2014 05:57:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved SpyHunter0x80070422

Error: (09/10/2014 05:55:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved SpyHunter0x80070422

Error: (09/10/2014 05:39:16 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: -1

Error: (09/10/2014 05:39:16 PM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: )
Description: 

Error: (09/09/2014 05:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b1f3801cfcbf8b145ae2cC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.execf9159c7-3834-11e4-ad64-406186748295

Error: (09/09/2014 08:47:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (09/07/2014 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/07/2014 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: swfoc.exe1.0.0.04575fb3bntdll.dll6.1.7601.18247521ea8e7c00000050005b263144c01cfcaa6bb30461bC:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exeC:\windows\SysWOW64\ntdll.dllfc933fce-3699-11e4-ad64-406186748295


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 6126.53 MB
Available physical RAM: 3606.51 MB
Total Pagefile: 12251.24 MB
Available Pagefile: 9396.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:21.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (EAW_1) (CDROM) (Total:1.22 GB) (Free:0 GB) CDFS
Drive g: (Backup) (Fixed) (Total:1366.21 GB) (Free:108.7 GB) NTFS
Drive h: (BACKUPFAT) (Fixed) (Total:496.74 GB) (Free:366 GB) FAT32
Drive i: (Elements) (Fixed) (Total:439.01 GB) (Free:95.98 GB) NTFS
Drive j: (PS3) (Fixed) (Total:492.44 GB) (Free:225.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94BB371C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0003C302)
Partition 1: (Active) - (Size=1366.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=496.8 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 469D60DF)
Partition 1: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
__________________

10.09.2014, 17:43   #4
Warlord711
/// TB-Ausbilder
 
Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller pane, look for the programs that, under:

    have this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on, then on, and then on .

Also uninstall:
  • Adobe Flash Player 13
  • Java(TM) 6 Update 25 (64-bit)
  • Java(TM) 6 Update 31
  • Java(TM) SE Development Kit 6 Update 25 (64-bit)

If you cannot find a program or cannot uninstall it, please continue with the next step:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.
__________________
Learn to fight back and support us!
TB Akademie | Donate | Praise & Criticism

10.09.2014, 19:18   #5
Ratzi73
 
1. AdwCleaner log:

Code:
# AdwCleaner v3.309 - Bericht erstellt am 10/09/2014 um 19:06:14
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Thomas Ratzke - THOMASRATZKE-PC
# Gestartet von : C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\ver9Re-markit
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Users\Luke Ratzke\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Luke Ratzke\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Luke Ratzke\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Melanie Ratzke\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Melanie Ratzke\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Melanie Ratzke\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Thomas Ratzke\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf
Ordner Gelöscht : C:\Users\Thomas Ratzke\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Thomas Ratzke\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Thomas Ratzke\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Thomas Ratzke\Desktop\Online
Datei Gelöscht : C:\windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : FF Watcher {2045BB1D-AD29-4B58-9A06-E8FC5881A1D8}

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Music.lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (32 Bit).lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (32 Bit).lnk
Verknüpfung Desinfiziert : C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_7-zip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_7-zip_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SoftwareUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\TBID
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\TBID
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[ Datei : C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [16484 octets] - [10/09/2014 19:02:58]
AdwCleaner[S0].txt - [12470 octets] - [10/09/2014 19:06:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12531 octets] ##########
         
2. JRT-Log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Thomas Ratzke on 10.09.2014 at 19:19:51,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7A2E5123-B9D0-403B-B075-CBCF11F90167}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{005AEC49-3859-43EB-A7E9-796603342B63}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{053ACB1A-B049-4BF0-B08F-365176924996}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{14818CDB-D910-4072-8B16-8A7FF8D87723}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{165BB25A-6AFE-42E3-B12D-15A9AD63DB71}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{1683F70A-B4F5-4B94-9FD5-149E7FCCC76E}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{1DC0F83C-BCAD-4D46-93C6-37D554F94FC9}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{39033528-BA28-48A6-B51A-55A3965E5072}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{51D4313B-B537-4E3E-BD9C-6E8BC494DC99}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{56F900FB-584F-40FD-9D8E-8D8184302EC7}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{595A74AC-9E41-49B6-B758-79A35119F260}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{70313C4A-A037-4746-ACDB-55BF2D3F8242}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{76FB9F0B-0943-45DE-9093-6FD4C15C87FF}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{857605B4-7073-4B88-8991-4602F75F7022}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{9BDBFB98-BE21-46D1-9E4F-A1C5EB7951FA}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{9E34958D-3996-432F-A03B-B5AB39661C30}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{A8046560-2914-444A-89F9-BC557DC5C995}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{AE579C89-6725-4655-AE54-6CE436A3EAE0}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{CD4C58C1-7DFC-4E36-A70F-37A5CD34B999}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{DC041E9D-64C2-4805-B4CD-142B24C12576}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{E70DC28E-EB04-482B-8CD8-12B10FD8AD51}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{EA0206E8-8509-45E5-B7B6-6196AB8B13FE}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{F3B7D7FD-39B7-4491-95BC-433B229F8ECA}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{F75BB17E-3693-4F32-9D1F-E2B8DA5FA076}
Successfully deleted: [Empty Folder] C:\Users\Thomas Ratzke\appdata\local\{FE21BCFF-7D00-49E4-91F1-EAB71565C758}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.09.2014 at 19:23:27,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Mbam.txt:

Code:
2014/09/10 19:36:29 +0200 mbam-log-2014-09-10 (19-36-18).xml yes  2.00.2.1012 v2014.09.10.07 v2014.09.10.02 trial enabled enabled disabled  Windows 7 Service Pack 1 x64 Thomas Ratzke NTFS  threat completed 441888 1868 0 0 7 2 0 0 6 0  enabled enabled enabled enabled disabled disabled enabled enabled enabled

HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, PUP.Optional.SupTab.A, delete-on-reboot, 7a858f5cf982f046b347ea9ad03248b8
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, PUP.Optional.SupTab.A, delete-on-reboot, 7a858f5cf982f046b347ea9ad03248b8
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, PUP.Optional.QuickShare.A, delete-on-reboot, ee11f0fbbebdb680c2b2d1e87e8452ae
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, PUP.Optional.FrostwireTB.A, delete-on-reboot, 25da7675daa144f2b69e4a7334cea55b
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, PUP.Optional.FrostwireTB.A, delete-on-reboot, 25da7675daa144f2b69e4a7334cea55b
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, PUP.Optional.Spigot.A, delete-on-reboot, c53a3bb0324983b352e2d88b34d09f61
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, PUP.Optional.Spigot.A, delete-on-reboot, 0ef1a04b81faeb4bba7aaab9c53f619f
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{D4027C7F-154A-4066-A1AD-4243D8127440}, PUP.Optional.FrostwireTB.A, delete-on-reboot
         
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Thomas Ratzke (administrator) on THOMASRATZKE-PC on 10-09-2014 20:13:57
Running from C:\Users\Thomas Ratzke\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Valve Corporation) C:\Games\Steam\Steam.exe
(Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Games\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A] => C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {9c11f84e-35ea-11e4-9322-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\EAWXLauncher.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {fd879af9-6716-11e2-9f7d-406186748295} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A] => C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9c11f84e-35ea-11e4-9322-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\EAWXLauncher.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fd879af9-6716-11e2-9f7d-406186748295} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-20] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe [538288 2014-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-20] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe [538288 2014-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDrives] 33554432
Startup: C:\Users\Melanie Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4C5BC4C8-BA34-41C5-A20A-897A8166A4CF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-29]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-02-13]
CHR Extension: (Google-Suche) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Google Play Music) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S4 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1037312 2007-04-20] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
U0 idbdlyp; C:\Windows\System32\drivers\repvw.sys [79064 2014-09-10] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] () [File not signed]
R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
U3 afzyraq8; C:\Windows\System32\Drivers\afzyraq8.sys [0 ] (Advanced Micro Devices)
S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X]
R4 PxHlpa64; System32\Drivers\PxHlpa64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\AnyDVD.sys 7CE7D6019D0D73F9203BA4FF4BA35B6A
C:\Windows\SysWOW64\Drivers\AnyDVD.sys 7CE7D6019D0D73F9203BA4FF4BA35B6A
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrxusb.sys 4BC451A93DB4915569C97FDAB020E6E7
C:\Windows\system32\drivers\atikmdag.sys 3EFD964D52221360AF0673CD61C2F4F5
C:\Windows\System32\DRIVERS\avgntflt.sys 4663C5AD76FE8E19592DE808156FA07D
C:\Windows\System32\DRIVERS\avipbb.sys 8902AEC2382A37E9E99A4E0D52DBD42B
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwlhigh664.sys 6FA3557EA5FA09BA705298CC6B0E9F5A
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\e1c62x64.sys 6BAFD9819D9FEC2EDBAEBC8493C711A4
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\windows\system32\epmntdrv.sys 6106653B08F4F72EEAA7F099E7C408A4
C:\windows\SysWOW64\epmntdrv.sys 093CEE3B45F0954DCE6CB891F6A920F7
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\windows\system32\EuGdiDrv.sys 991C04A31777ED77CB92A4F96F14C2E2
C:\windows\SysWOW64\EuGdiDrv.sys F1DE3EEF501DDA7DDF99F2EDF0C5540E
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys B93252C4C5A3733ECD5522CAF88DE02D
C:\Windows\System32\drivers\grmnusb.sys 2ED7FF3E1ADA4092632393781518B3A7
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
C:\Windows\System32\DRIVERS\htcnprot.sys B8B1B284362E1D8135112573395D5DA5
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys F7CE9BE72EDAC499B713ECA6DAE5D26F
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\drivers\repvw.sys 95B3CEAF06A2DF96FE28CD0755D319C4
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys F5872A11EB4F6DB170D636CD4E53CA9F
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60
C:\windows\system32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647
C:\windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NBVol.sys DACA803A8D732FE5EEAA024EC342F81D
C:\Windows\System32\DRIVERS\NBVolUp.sys 6208F622E9E35860DFB0753DFF56F0C0
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28ux.sys 618C55B392238B9467F9113E13525C49
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\npf.sys C31FA031335EFF434B2D94278E74BCCE
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys E20ABD5B229760158F753CA90B97E090
C:\Windows\System32\DRIVERS\nvlddmkm.sys 91C75FF8000C571CCDCB3D589A4AF0D5
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnic64.sys 68DD0457D18FCCEF7384AE84022F0C86
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scmndisp.sys 6011CDF54BB6F4C69F38FACCDAD73D7E
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\system32\drivers\usb8023x.sys 70D05EE263568A742D14E1876DF80532
C:\Windows\System32\DRIVERS\ustor2k.sys 88CE07826F25B851E824ED2E57106323
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\drivers\DDCDrv.sys 66C365B542195C1F6E2FF4A7D8F3827C
C:\Windows\SysWOW64\drivers\DDCDrv.sys 16EB81E08165D5B2BF18E9D50E35237F
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026
C:\Windows\System32\Drivers\afzyraq8.sys 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 20:12 - 2014-09-10 20:12 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\repvw.sys
2014-09-10 20:04 - 2014-09-10 20:04 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Roxio Log Files
2014-09-10 19:35 - 2014-09-10 19:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 19:34 - 2014-09-10 19:34 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-10 19:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-10 19:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-10 19:26 - 2014-09-10 19:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas Ratzke\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 19:23 - 2014-09-10 19:23 - 00003518 _____ () C:\Users\Thomas Ratzke\Desktop\JRT.txt
2014-09-10 19:19 - 2014-09-10 19:19 - 00000000 ____D () C:\windows\ERUNT
2014-09-10 19:13 - 2014-09-10 19:13 - 01016261 _____ (Thisisu) C:\Users\Thomas Ratzke\Downloads\JRT.exe
2014-09-10 19:07 - 2014-09-10 19:07 - 00000310 _____ () C:\windows\PFRO.log
2014-09-10 19:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-10 19:02 - 2014-09-10 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-10 19:02 - 2014-09-10 19:02 - 01370483 _____ () C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
2014-09-10 18:32 - 2014-09-10 18:32 - 00137842 _____ () C:\Users\Thomas Ratzke\Downloads\Shortcut.txt
2014-09-10 18:28 - 2014-09-10 18:32 - 00061321 _____ () C:\Users\Thomas Ratzke\Downloads\Addition.txt
2014-09-10 18:25 - 2014-09-10 20:14 - 00044493 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 18:25 - 2014-09-10 20:14 - 00000000 ____D () C:\FRST
2014-09-10 18:24 - 2014-09-10 18:25 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:58 - 2014-09-10 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:39 - 2014-09-10 19:31 - 00000224 _____ () C:\windows\setupact.log
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:25 - 2014-09-09 17:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-10 17:57 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:35 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153520.backup
2014-09-07 15:34 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153412.backup
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-06 20:43 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140906-204344.backup
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:41 - 2014-09-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:14 - 2014-09-06 19:34 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 20:02 - 2014-09-05 20:04 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:00 - 2014-09-05 20:04 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 19:59 - 2014-09-05 20:01 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-05 19:33 - 2014-09-05 19:35 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-03 18:06 - 2014-09-03 18:15 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 19:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-08-31 19:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-08-30 05:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-08-30 05:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-30 05:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-08-30 05:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-08-30 05:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-08-30 05:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-08-30 05:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-08-30 05:56 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-08-30 05:56 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-08-30 05:54 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 05:54 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 05:54 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 19:58 - 2014-08-29 20:27 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 19:58 - 2014-08-29 20:10 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:04 - 2014-08-29 17:07 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-27 10:39 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 10:39 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 10:39 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-27 10:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-16 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-16 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 00:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 00:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 00:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 00:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 00:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-16 00:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 00:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 00:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-16 00:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-16 00:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 00:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-16 00:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 00:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 00:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 00:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 00:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-16 00:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-16 00:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-16 00:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-16 00:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 00:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-16 00:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 00:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-16 00:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-16 00:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 00:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 00:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 00:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 00:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 00:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 00:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 00:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 00:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 00:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-16 00:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-16 00:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 00:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 00:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 00:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 00:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 00:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 00:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 00:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 00:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 00:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 00:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 00:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 00:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 00:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 00:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 00:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 00:36 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 00:36 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 00:36 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 00:36 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 20:15 - 2011-04-20 22:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 20:14 - 2014-09-10 18:25 - 00044493 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 20:14 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST
2014-09-10 20:14 - 2011-05-08 19:55 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job
2014-09-10 20:12 - 2014-09-10 20:12 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\repvw.sys
2014-09-10 20:12 - 2010-12-18 00:46 - 00000000 ____D () C:\windows\PCHEALTH
2014-09-10 20:08 - 2010-12-18 00:42 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-10 20:08 - 2010-12-18 00:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-10 20:08 - 2010-12-18 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-10 20:06 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\Uninstall
2014-09-10 20:04 - 2014-09-10 20:04 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Roxio Log Files
2014-09-10 20:03 - 2011-05-05 17:29 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-09-10 19:51 - 2011-05-06 18:24 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-10 19:41 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 19:41 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 19:37 - 2010-12-18 00:02 - 01272887 _____ () C:\windows\WindowsUpdate.log
2014-09-10 19:36 - 2014-09-10 19:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 19:34 - 2014-09-10 19:34 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 19:31 - 2014-09-10 17:39 - 00000224 _____ () C:\windows\setupact.log
2014-09-10 19:31 - 2011-04-20 22:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 19:31 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 19:26 - 2014-09-10 19:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas Ratzke\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 19:23 - 2014-09-10 19:23 - 00003518 _____ () C:\Users\Thomas Ratzke\Desktop\JRT.txt
2014-09-10 19:19 - 2014-09-10 19:19 - 00000000 ____D () C:\windows\ERUNT
2014-09-10 19:13 - 2014-09-10 19:13 - 01016261 _____ (Thisisu) C:\Users\Thomas Ratzke\Downloads\JRT.exe
2014-09-10 19:07 - 2014-09-10 19:07 - 00000310 _____ () C:\windows\PFRO.log
2014-09-10 19:06 - 2014-09-10 19:02 - 00000000 ____D () C:\AdwCleaner
2014-09-10 19:06 - 2013-05-25 12:51 - 00001011 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-10 19:06 - 2011-05-08 20:00 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 19:06 - 2011-04-20 19:13 - 00001198 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
2014-09-10 19:02 - 2014-09-10 19:02 - 01370483 _____ () C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
2014-09-10 18:32 - 2014-09-10 18:32 - 00137842 _____ () C:\Users\Thomas Ratzke\Downloads\Shortcut.txt
2014-09-10 18:32 - 2014-09-10 18:28 - 00061321 _____ () C:\Users\Thomas Ratzke\Downloads\Addition.txt
2014-09-10 18:25 - 2014-09-10 18:24 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:10 - 2011-04-20 19:55 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{73A8952D-2499-43E8-851C-D88DA5E487FD}
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:59 - 2014-09-10 17:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:57 - 2014-09-07 15:56 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:39 - 2013-03-16 11:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:34 - 2011-05-08 19:55 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job
2014-09-09 17:34 - 2011-04-21 21:09 - 00050176 _____ () C:\Users\Thomas Ratzke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 17:26 - 2014-09-09 17:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 18:08 - 2011-04-30 11:16 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\DVD Profiler
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:52 - 2013-03-16 11:53 - 00003824 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 15:37 - 2011-04-25 11:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:32 - 2014-05-23 21:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 07:30 - 2011-04-22 11:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Windows Live
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-07 07:28 - 2009-09-14 08:03 - 03030668 _____ () C:\windows\system32\perfh007.dat
2014-09-07 07:28 - 2009-09-14 08:03 - 00885842 _____ () C:\windows\system32\perfc007.dat
2014-09-07 07:28 - 2009-07-14 07:13 - 00006458 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-06 20:47 - 2011-04-25 11:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:47 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:34 - 2014-09-06 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:23 - 2011-04-25 11:40 - 00000000 ____D () C:\windows\pss
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-06 18:43 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-06 18:42 - 2011-04-28 21:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 20:04 - 2014-09-05 20:02 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:04 - 2014-09-05 20:00 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 20:01 - 2014-09-05 19:59 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:35 - 2014-09-05 19:33 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-04 19:47 - 2014-07-09 09:13 - 00000045 _____ () C:\user.js
2014-09-03 18:15 - 2014-09-03 18:06 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 21:00 - 2011-04-22 11:40 - 00000000 ____D () C:\Users\Thomas Ratzke\E-Mail
2014-08-31 20:40 - 2013-03-02 15:25 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-30 05:50 - 2013-01-11 21:03 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-08-29 20:27 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:13 - 2011-04-29 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 20:12 - 2011-04-20 21:44 - 00000000 ____D () C:\Games
2014-08-29 20:10 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:17 - 2011-11-18 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-29 17:07 - 2014-08-29 17:04 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-23 17:33 - 2014-05-16 07:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 05:54 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 05:54 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 05:54 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 10:57 - 2011-05-09 19:00 - 00000000 ___RD () C:\Users\Melanie Ratzke\Virtual Machines
2014-08-16 09:39 - 2011-04-25 11:52 - 00000000 ___RD () C:\Users\Thomas Ratzke\Virtual Machines
2014-08-16 03:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 03:16 - 2013-08-15 09:56 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 03:09 - 2011-04-20 21:32 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 03:01 - 2014-05-08 03:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 19:44 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Avira

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


Some content of TEMP:
====================
C:\Users\Luke Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Thomas Ratzke\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\SHSetup.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_is3F50.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_isB220.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {c0409723-0a72-11e0-b6cf-40618672ea2c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {c0409723-0a72-11e0-b6cf-40618672ea2c}
device                  ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {c0409721-0a72-11e0-b6cf-40618672ea2c}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {c0409724-0a72-11e0-b6cf-40618672ea2c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\boot.sdi



LastRegBack: 2014-07-28 12:43

==================== End Of Log ============================
         


Old 10.09.2014, 19:20   #6
Ratzi73

Spy Hunter 4 & iStartSurf

and Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Thomas Ratzke at 2014-09-10 20:15:07
Running from C:\Users\Thomas Ratzke\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Any Video Converter 5 5.0.3 (HKLM-x32\...\Any Video Converter 5_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dropbox (HKCU\...\Dropbox) (Version: 1.6.16 - Dropbox, Inc.)
Druckerdeinstallation für EPSON Stylus SX400 Series (HKLM\...\EPSON Stylus SX400 Series) (Version:  - SEIKO EPSON Corporation)
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
EA Download Manager (HKLM-x32\...\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.396 - Electronic Arts)
EA Download Manager (x32 Version: 4.0.0.396 - Electronic Arts) Hidden
EaseUS Partition Master 9.2.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Softworks)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.5.3 (HKCU\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.0.4.9 - Genesys Logic)
Gigaset QuickSync (HKLM\...\{18e951f2-329a-4ed2-833b-d980960db29e}) (Version: 8.2.0865.2 - Gigaset Communications GmbH)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Heroes of Might and Magic 5 (HKLM-x32\...\Steam App 15170) (Version:  - Ubisoft)
Heroes of Might and Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version:  - Ubisoft)
iClone v4.2 EX (HKLM-x32\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.2.1718.1 - Reallusion Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inhaltsmanager-Assistent für PlayStation(R) (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
iSkysoft DRM Removal(Build 1.1.0.0) (HKLM-x32\...\iSkysoft DRM Removal_is1) (Version:  - iSkysoft Software)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.17 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Treiber- und Anwendungsinstallation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{0BEB1F3E-D965-460B-B7D6-4E4B50A679A7}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{842030D5-3615-43D1-A0CB-644C8D70E957}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 15 Premium Sonderedition 8.5.0.28 (D) (HKLM-x32\...\MAGIX Video deluxe 15 Premium Sonderedition D) (Version: 8.5.0.28 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Demo) (HKLM-x32\...\{5B694269-60EF-44C2-8A3B-3DC28D02F104}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Designelemente) (HKLM-x32\...\{090D4332-7A77-4C17-B51D-E9F0C1406DF1}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Fotoshow Maker-Stile 1) (HKLM-x32\...\{E049787A-CA87-4FE6-A413-0FB7EBCB9273}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Fotoshow Maker-Stile 2) (HKLM-x32\...\{0E770203-9A9A-44B6-96EB-06FE6DD20AA9}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Individuelle Menüvorlagen) (HKLM-x32\...\{60748DD7-CDC0-4BE9-BC97-B34CB28BDE79}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Klangerzeuger) (HKLM-x32\...\{B153B45F-4539-4FB6-B4DA-5D6AD1778A0F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Menüvorlagen 1) (HKLM-x32\...\{365B539F-AC54-4DDB-95EB-70DF42A79EA6}) (Version: 1.1.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Menüvorlagen 2) (HKLM-x32\...\{6CECE788-573E-4184-B90C-026D931D6D6F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (NewBlueFX Lightning & Light Rays) (HKLM-x32\...\{2CB20F3B-FB80-47BC-BDAF-8A2D9A065A6D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (NewBlueFX Premium Effects) (HKLM-x32\...\{4C40A729-70DE-463C-820F-282F0039422A}) (Version: 1.1.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Adorage 11) (HKLM-x32\...\{76F8AA5E-7959-4964-9FF1-C9F1EB5DF882}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Heroglyph 2.6) (HKLM-x32\...\{4A150B32-0BE7-4480-82D1-3ED9B4D7870F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (proDAD Mercalli 2) (HKLM-x32\...\{67031FA6-070F-4003-9541-72A61703353F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Reallusion iClone 4.2 Starter-Version) (HKLM-x32\...\{A025CC04-DE6B-47A6-9E00-4FF3743FE0C4}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Soundtrack Maker-Stile) (HKLM-x32\...\{FE8E514C-68AE-430A-BCFF-C4097B6D3866}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Titeleffekte) (HKLM-x32\...\{41BBE7BA-8C98-47CE-95A1-1C0B0245B007}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Tutorials) (HKLM-x32\...\{EE0BF74C-0D7A-4B82-9E12-0C65136CBCEF}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Überblendeffekte) (HKLM-x32\...\{02F0341B-EECC-4D3E-ACD8-FBF77C45DB5B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (Vasco da Gama 4 HDPro) (HKLM-x32\...\{F0ED7F47-5194-417F-8FE6-C6358574BB9C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (XXL-Nachvertonungsarchiv 1) (HKLM-x32\...\{111DA346-B0FA-4B7F-BF5A-AE2ECAFB5BC5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition (XXL-Nachvertonungsarchiv 2) (HKLM-x32\...\{17ED9EC6-C3E3-4D83-A3E7-84D7CAB04E8D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.11.0 - MAGIX AG)
MAGIX Video deluxe 17 Premium Sonderedition Download-Version (x32 Version: 10.0.11.0 - MAGIX AG) Hidden
MAGIX Xtreme Foto Designer 6 6.0.27.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.27.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MYMOVIES) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Might & Magic Heroes VI - Game Official Demo (HKLM-x32\...\{A024B9E5-7702-4556-A7BF-A04BFF2DE5D8}) (Version: 1.0 - Ubisoft)
Might and Magic Heroes VI Demo (HKLM-x32\...\Steam App 48280) (Version:  - )
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Movies for Windows Media Center (HKLM-x32\...\{9A8B281C-1078-4BE5-8892-67F76B894C4E}) (Version: 3.2.0.0 - Binnerup Consult)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
Nero Blu-ray Player (x32 Version: 12.0.17700 - Nero AG) Hidden
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.19400 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode 11 (x32 Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NewBlue Light Rays for Magix (HKLM-x32\...\NewBlue Light Rays for Magix) (Version: 1.4 - NewBlue)
NewBlue Lightning for Magix (HKLM-x32\...\NewBlue Lightning for Magix) (Version: 1.4 - NewBlue)
NVIDIA 3D Vision Controller Driver (x32 Version: 259.83 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5983 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.270.54.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA Update 1.1.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Prey (HKLM-x32\...\Steam App 3970) (Version:  - Human Head)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: 2.6.32 - proDAD GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.1.5.2 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 2.1.5.2 - Splashtop Inc.) Hidden
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.13 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
The GodFather (HKLM-x32\...\The GodFather) (Version:  - )
ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.1.0.090804 - Lenovo)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Vasco da Gama 4 HDPro (HKLM-x32\...\{05BBF12D-565E-4212-8BDD-C482C72866DD}) (Version: 4.00.0000 - MotionStudios)
Warhammer® 40,000™: Dawn of War® II - Single Player Demo (HKLM-x32\...\Steam App 15680) (Version:  - Relic)
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1218043409-3151763047-2122344536-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-08-2014 18:13:24 Installiert Dawn of War - Dark Crusade
30-08-2014 03:56:26 Windows Update
31-08-2014 17:21:30 Windows-Sicherung
31-08-2014 19:16:41 Windows Update
05-09-2014 17:25:08 Windows Update
05-09-2014 17:29:13 Installiert Star Wars Empire at War
05-09-2014 17:31:28 DirectX 9.0 wurde installiert
06-09-2014 16:45:48 DirectX wurde installiert
06-09-2014 17:13:44 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-07 15:35 - 00450770 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21A89B6C-0790-4C8E-A07E-8DDCB459033E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)
Task: {22A0719D-C9AD-431D-BD06-5BC98C7B7FA9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5FEF2A98-26DF-462E-BECA-2FE735102649} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6843F01E-E280-43C8-A99C-754C2C7F83F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30] (Google Inc.)
Task: {6A6CA0A2-0A16-4AC1-B7F2-8B83130A24D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {7E91FD94-C7DE-42FD-9892-259B96CFE314} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)
Task: {830705EE-60F7-4F9B-AEC7-1DF95B97CB54} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AA319D91-B1DE-4C1B-A4D7-305F75E4891D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {C0A5E14C-243E-4010-A18E-DC200474BD05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C75B18B4-09C9-4518-981C-49C5B44AC909} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D55D07A2-C7B9-4BF7-BF47-E5DC83277E7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30] (Google Inc.)
Task: {EF55379A-60E7-42BF-9DD1-D0B73264760E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job => C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-08-15 19:44 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-06 19:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-06 19:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-06 19:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-06 19:19 - 2014-08-30 04:49 - 01098056 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 00174408 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 08577864 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 00331592 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-06 19:19 - 2014-08-30 04:49 - 01660232 _____ () C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-29 19:49 - 2014-08-21 20:15 - 01171456 _____ () C:\Games\Steam\libavcodec-56.dll
2014-08-29 19:49 - 2014-08-21 20:15 - 00442368 _____ () C:\Games\Steam\libavutil-54.dll
2014-08-29 19:49 - 2014-08-21 20:15 - 00332800 _____ () C:\Games\Steam\libavresample-2.dll
2014-03-31 14:09 - 2014-08-21 00:38 - 00774656 _____ () C:\Games\Steam\SDL2.dll
2014-08-29 19:50 - 2014-08-28 13:48 - 02224320 _____ () C:\Games\Steam\video.dll
2014-08-29 19:49 - 2014-08-21 20:15 - 00403968 _____ () C:\Games\Steam\libavformat-56.dll
2014-08-29 19:49 - 2014-08-21 20:15 - 00485888 _____ () C:\Games\Steam\libswscale-3.dll
2011-10-29 12:29 - 2014-08-28 13:48 - 00678080 _____ () C:\Games\Steam\bin\chromehtml.DLL
2011-04-23 00:07 - 2014-08-21 00:38 - 34589376 _____ () C:\Games\Steam\bin\libcef.dll
2014-08-29 19:49 - 2014-08-21 00:38 - 00837824 _____ () C:\Games\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CEEBC40A-FDED-4C59-B354-939132350B01 => 2
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LenovoCOMSvc => 2
MSCONFIG\Services: LitModeCtrl => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Inhaltsmanager-Assistent für PlayStation(R).lnk => C:\windows\pss\Inhaltsmanager-Assistent für PlayStation(R).lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Setup-Assistent.lnk => C:\windows\pss\NETGEAR WNA3100 Setup-Assistent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRServer.exe.lnk => C:\windows\pss\SRServer.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk => C:\windows\pss\Picture Motion Browser Medien-Prüfung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Thomas Ratzke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk => C:\windows\pss\Trillian.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Thomas Ratzke\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Thomas Ratzke\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Thomas Ratzke\AppData\Local\Smartbar\Application\Linkury.exe startup
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: dcmsvc => C:\Program Files (x86)\dcmsvc\dcmsvc.exe
MSCONFIG\startupreg: EA Core => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: Google Update => "C:\Users\Thomas Ratzke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A => "C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Lenovo Dynamic Brightness System => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
MSCONFIG\startupreg: Lenovo Eye Distance System => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
MSCONFIG\startupreg: mbot_de_60 => "C:\Program Files (x86)\mbot_de_60\mbot_de_60.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: ModeSwitch => "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
MSCONFIG\startupreg: MusicManager => "C:\Users\Thomas Ratzke\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: My Movies Tray => "C:\Program Files (x86)\My Movies for Windows Media Center\My Movies Tray.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Steam => "C:\Games\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~2\TrayServer.exe
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: UMonit => C:\windows\SysWOW64\UMonit.exe
MSCONFIG\startupreg: Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} => C:\Windows\test.bat
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

==================== Faulty Device Manager Devices =============

Name: iPodDrv
Description: iPodDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iPodDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 08:08:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\THOMAS~1\AppData\Local\Temp\_is1FFE.exe -removeonly -clone_of"C:\Program Files (x86)\InstallShield Installation Information\{816F9A97-9889-43DA-A394-7AA45DD68BA0}\" -your_launcherSetup.exe -tempdisk1folder"C:\Users\THOMAS~1\AppData\Local\Temp\{1C1494B5-1C79-429E-95BB-5D26F32F799D}\"; Beschreibung = Entfernt Power Dial; Fehler = 0x80070422).

Error: (09/10/2014 08:08:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - Power Dial; Fehler = 0x80070422).

Error: (09/10/2014 08:07:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)

Error: (09/10/2014 08:07:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)

Error: (09/10/2014 08:04:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - Roxio BackOnTrack; Fehler = 0x80070422).

Error: (09/10/2014 08:02:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - SugarSync Manager; Fehler = 0x80070422).

Error: (09/10/2014 07:59:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - mufin player 2.5; Fehler = 0x80070422).

Error: (09/10/2014 07:52:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - ANNO 2070 DEMO; Fehler = 0x80070422).

Error: (09/10/2014 07:51:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - ANNO 2070 DEMO; Fehler = 0x80070422).

Error: (09/10/2014 07:31:26 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.


System errors:
=============
Error: (09/10/2014 07:33:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 07:33:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/10/2014 07:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 07:31:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/10/2014 07:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/10/2014 08:08:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\THOMAS~1\AppData\Local\Temp\_is1FFE.exe -removeonly -clone_of"C:\Program Files (x86)\InstallShield Installation Information\{816F9A97-9889-43DA-A394-7AA45DD68BA0}\" -your_launcherSetup.exe -tempdisk1folder"C:\Users\THOMAS~1\AppData\Local\Temp\{1C1494B5-1C79-429E-95BB-5D26F32F799D}\"Entfernt Power Dial0x80070422

Error: (09/10/2014 08:08:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Power Dial0x80070422

Error: (09/10/2014 08:07:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/10/2014 08:07:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)
2350

Error: (09/10/2014 08:04:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Roxio BackOnTrack0x80070422

Error: (09/10/2014 08:02:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - SugarSync Manager0x80070422

Error: (09/10/2014 07:59:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - mufin player 2.50x80070422

Error: (09/10/2014 07:52:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - ANNO 2070 DEMO0x80070422

Error: (09/10/2014 07:51:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - ANNO 2070 DEMO0x80070422

Error: (09/10/2014 07:31:26 PM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: )
Description: -1


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 6126.53 MB
Available physical RAM: 3174.67 MB
Total Pagefile: 12251.24 MB
Available Pagefile: 8752.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:27.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SC2-200-D1) (CDROM) (Total:7.82 GB) (Free:0 GB) UDF
Drive g: (Backup) (Fixed) (Total:1366.21 GB) (Free:108.7 GB) NTFS
Drive h: (BACKUPFAT) (Fixed) (Total:496.74 GB) (Free:366 GB) FAT32
Drive i: (Elements) (Fixed) (Total:439.01 GB) (Free:95.98 GB) NTFS
Drive j: (PS3) (Fixed) (Total:492.44 GB) (Free:225.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94BB371C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0003C302)
Partition 1: (Active) - (Size=1366.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=496.8 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 469D60DF)
Partition 1: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Phew.

Thanks for everything so far.

How does it look? Better? It seems I have indeed already gotten rid of iStartSurf.



Edit: I could not uninstall the Java programs because they did not show up in the list at all:

Java(TM) 6 Update 25 (64-bit)
Java(TM) SE Development Kit 6 Update 25 (64-bit)

10.09.2014, 20:32   #7
Warlord711
/// TB Instructor

Are there one or more restricted users on the computer?
Or any parental control software?

11.09.2014, 14:11   #8
Ratzi73

Hi,

yes, there are two more users who are not administrators (although I will have to check my wife's account again when I am home to see whether it does have admin rights after all).

I do not (knowingly) use any parental control software. However, I cannot rule out that some was already preinstalled.

How is that relevant? Do you see anything in the logs?

Regards,
Thomas

11.09.2014, 15:48   #9
Warlord711
/// TB Instructor

Please post a new FRST log.

Please tick ALL the checkboxes under Whitelist and untick ALL the checkboxes under Option Scan.

11.09.2014, 17:39   #10
Ratzi73

Your wish is my command.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Thomas Ratzke (administrator) on THOMASRATZKE-PC on 11-09-2014 18:37:21
Running from C:\Users\Thomas Ratzke\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A] => C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {9c11f84e-35ea-11e4-9322-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\EAWXLauncher.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {fd879af9-6716-11e2-9f7d-406186748295} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-20] (Google Inc.)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe [538288 2014-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - "D:\StarCraft II Setup.exe"
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\start.exe
Startup: C:\Users\Melanie Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4C5BC4C8-BA34-41C5-A20A-897A8166A4CF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-29]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-02-13]
CHR Extension: (Google-Suche) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Google Play Music) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Google Mail) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S4 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1037312 2007-04-20] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] () [File not signed]
R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
U3 aktbctu9; C:\Windows\System32\Drivers\aktbctu9.sys [0 ] (Microsoft Corporation)
S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 20:38 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 20:38 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 20:38 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 20:38 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 20:38 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 20:38 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 20:38 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 20:38 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 20:38 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 20:38 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 20:38 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 20:38 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 20:38 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 20:38 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 20:38 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 20:38 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-10 20:38 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 20:38 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 20:38 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 20:38 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 20:38 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-10 20:38 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 20:38 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 20:38 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 20:38 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 20:38 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 20:38 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 20:38 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 20:38 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 20:38 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 20:38 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 20:38 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 20:38 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 20:38 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-10 20:38 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 20:38 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 20:38 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 20:38 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 20:38 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 20:38 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 20:38 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-10 20:38 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 20:38 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 20:38 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 20:38 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 20:38 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 20:38 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 20:38 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 20:38 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 20:38 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 20:38 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-10 20:38 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 20:38 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 20:38 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 20:38 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 20:38 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 20:32 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 20:32 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 20:30 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 20:30 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 20:04 - 2014-09-10 20:04 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Roxio Log Files
2014-09-10 19:35 - 2014-09-11 18:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 19:34 - 2014-09-10 19:34 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-10 19:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-10 19:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-10 19:26 - 2014-09-10 19:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas Ratzke\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 19:23 - 2014-09-10 19:23 - 00003518 _____ () C:\Users\Thomas Ratzke\Desktop\JRT.txt
2014-09-10 19:19 - 2014-09-10 19:19 - 00000000 ____D () C:\windows\ERUNT
2014-09-10 19:13 - 2014-09-10 19:13 - 01016261 _____ (Thisisu) C:\Users\Thomas Ratzke\Downloads\JRT.exe
2014-09-10 19:07 - 2014-09-11 17:53 - 00002760 _____ () C:\windows\PFRO.log
2014-09-10 19:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-10 19:02 - 2014-09-10 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-10 19:02 - 2014-09-10 19:02 - 01370483 _____ () C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
2014-09-10 18:32 - 2014-09-10 20:17 - 00134070 _____ () C:\Users\Thomas Ratzke\Downloads\Shortcut.txt
2014-09-10 18:28 - 2014-09-10 20:17 - 00059762 _____ () C:\Users\Thomas Ratzke\Downloads\Addition.txt
2014-09-10 18:25 - 2014-09-11 18:37 - 00022375 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 18:25 - 2014-09-11 18:37 - 00000000 ____D () C:\FRST
2014-09-10 18:24 - 2014-09-10 18:25 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 18:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 18:19 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 18:19 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 18:19 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 18:19 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 18:19 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 18:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 18:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:58 - 2014-09-10 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:39 - 2014-09-11 17:54 - 00000280 _____ () C:\windows\setupact.log
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:25 - 2014-09-09 17:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-10 17:57 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:35 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153520.backup
2014-09-07 15:34 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153412.backup
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-06 20:43 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140906-204344.backup
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:41 - 2014-09-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:14 - 2014-09-06 19:34 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 20:02 - 2014-09-05 20:04 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:00 - 2014-09-05 20:04 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 19:59 - 2014-09-05 20:01 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-05 19:33 - 2014-09-05 19:35 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-03 18:06 - 2014-09-03 18:15 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 19:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-08-31 19:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-08-30 05:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-08-30 05:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-30 05:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-08-30 05:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-08-30 05:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-08-30 05:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-08-30 05:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-08-30 05:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-08-30 05:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-08-30 05:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-08-30 05:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-08-30 05:54 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 05:54 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 05:54 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 19:58 - 2014-08-29 20:27 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 19:58 - 2014-08-29 20:10 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:04 - 2014-08-29 17:07 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-27 10:39 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-27 10:39 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-27 10:39 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 10:39 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 10:39 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-27 10:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-27 10:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-16 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-16 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 00:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 00:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 00:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 00:36 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 00:36 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 18:38 - 2014-09-10 18:25 - 00022375 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-11 18:37 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST
2014-09-11 18:35 - 2014-09-10 19:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 18:35 - 2011-04-20 22:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 18:15 - 2011-04-20 22:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 18:14 - 2011-05-08 19:55 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job
2014-09-11 18:04 - 2010-12-18 00:02 - 01085741 _____ () C:\windows\WindowsUpdate.log
2014-09-11 18:02 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:02 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:01 - 2014-05-08 03:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 17:54 - 2014-09-10 17:39 - 00000280 _____ () C:\windows\setupact.log
2014-09-11 17:54 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-11 17:53 - 2014-09-10 19:07 - 00002760 _____ () C:\windows\PFRO.log
2014-09-10 20:36 - 2013-08-15 09:56 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 20:32 - 2011-04-20 21:32 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 20:17 - 2014-09-10 18:32 - 00134070 _____ () C:\Users\Thomas Ratzke\Downloads\Shortcut.txt
2014-09-10 20:17 - 2014-09-10 18:28 - 00059762 _____ () C:\Users\Thomas Ratzke\Downloads\Addition.txt
2014-09-10 20:12 - 2010-12-18 00:46 - 00000000 ____D () C:\windows\PCHEALTH
2014-09-10 20:08 - 2010-12-18 00:42 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-10 20:08 - 2010-12-18 00:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-10 20:08 - 2010-12-18 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-10 20:04 - 2014-09-10 20:04 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Roxio Log Files
2014-09-10 19:51 - 2011-05-06 18:24 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-10 19:34 - 2014-09-10 19:34 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 19:34 - 2014-09-10 19:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 19:26 - 2014-09-10 19:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas Ratzke\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 19:23 - 2014-09-10 19:23 - 00003518 _____ () C:\Users\Thomas Ratzke\Desktop\JRT.txt
2014-09-10 19:19 - 2014-09-10 19:19 - 00000000 ____D () C:\windows\ERUNT
2014-09-10 19:13 - 2014-09-10 19:13 - 01016261 _____ (Thisisu) C:\Users\Thomas Ratzke\Downloads\JRT.exe
2014-09-10 19:06 - 2014-09-10 19:02 - 00000000 ____D () C:\AdwCleaner
2014-09-10 19:06 - 2013-05-25 12:51 - 00001011 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-10 19:06 - 2011-05-08 20:00 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 19:06 - 2011-04-20 19:13 - 00001198 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
2014-09-10 19:02 - 2014-09-10 19:02 - 01370483 _____ () C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
2014-09-10 18:25 - 2014-09-10 18:24 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:10 - 2011-04-20 19:55 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{73A8952D-2499-43E8-851C-D88DA5E487FD}
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:59 - 2014-09-10 17:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:57 - 2014-09-07 15:56 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:39 - 2013-03-16 11:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:34 - 2011-05-08 19:55 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job
2014-09-09 17:34 - 2011-04-21 21:09 - 00050176 _____ () C:\Users\Thomas Ratzke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 17:26 - 2014-09-09 17:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 18:08 - 2011-04-30 11:16 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\DVD Profiler
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:52 - 2013-03-16 11:53 - 00003824 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 15:37 - 2011-04-25 11:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:32 - 2014-05-23 21:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 07:30 - 2011-04-22 11:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Windows Live
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-07 07:28 - 2009-09-14 08:03 - 03030668 _____ () C:\windows\system32\perfh007.dat
2014-09-07 07:28 - 2009-09-14 08:03 - 00885842 _____ () C:\windows\system32\perfc007.dat
2014-09-07 07:28 - 2009-07-14 07:13 - 00006458 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-06 20:47 - 2011-04-25 11:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:47 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:34 - 2014-09-06 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:23 - 2011-04-25 11:40 - 00000000 ____D () C:\windows\pss
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-06 18:43 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-06 18:42 - 2011-04-28 21:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 20:04 - 2014-09-05 20:02 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:04 - 2014-09-05 20:00 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 20:01 - 2014-09-05 19:59 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:35 - 2014-09-05 19:33 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-05 04:10 - 2014-09-10 20:32 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 20:32 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 19:47 - 2014-07-09 09:13 - 00000045 _____ () C:\user.js
2014-09-03 18:15 - 2014-09-03 18:06 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 21:00 - 2011-04-22 11:40 - 00000000 ____D () C:\Users\Thomas Ratzke\E-Mail
2014-08-31 20:40 - 2013-03-02 15:25 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-30 05:50 - 2013-01-11 21:03 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-08-29 20:27 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:13 - 2011-04-29 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 20:12 - 2011-04-20 21:44 - 00000000 ____D () C:\Games
2014-08-29 20:10 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:17 - 2011-11-18 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-29 17:07 - 2014-08-29 17:04 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-23 17:33 - 2014-05-16 07:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 05:54 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 05:54 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 05:54 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 10:57 - 2011-05-09 19:00 - 00000000 ___RD () C:\Users\Melanie Ratzke\Virtual Machines
2014-08-19 20:05 - 2014-09-10 20:38 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 20:38 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 20:38 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 20:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 20:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 20:38 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 20:38 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 20:38 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 20:38 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 20:38 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 20:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 20:38 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 20:38 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 20:38 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 20:38 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 20:38 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 20:38 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 20:38 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 20:38 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 20:38 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 20:38 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 20:38 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 20:38 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 20:38 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 20:38 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 20:38 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 20:38 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 20:38 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 20:38 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 20:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 20:38 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 20:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 20:38 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 20:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 20:38 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 20:38 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 20:38 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 20:38 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 20:38 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 20:38 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 20:38 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 20:38 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 20:38 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 20:38 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 20:38 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 20:38 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 20:38 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 20:38 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 20:38 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 20:38 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 20:38 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 20:38 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 20:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 20:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 20:38 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-16 09:39 - 2011-04-25 11:52 - 00000000 ___RD () C:\Users\Thomas Ratzke\Virtual Machines
2014-08-16 03:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 19:44 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Avira

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe


Some content of TEMP:
====================
C:\Users\Luke Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Thomas Ratzke\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\SHSetup.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_is3F50.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_isB220.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 12:43

==================== End Of Log ============================
         
--- --- ---

Alt 12.09.2014, 08:01   #11
Warlord711
/// TB Trainer
 
Spy Hunter 4 & iStartSurf - Standard

Spy Hunter 4 & iStartSurf



OK, let's get rid of a few things:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION
S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X]
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.


The ESET scan takes longer!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Learn to strike back and support us!
TB Academy | Donate | Praise & Criticism

Alt 13.09.2014, 04:37   #12
Ratzi73
 
Spy Hunter 4 & iStartSurf - Question

Spy Hunter 4 & iStartSurf



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Thomas Ratzke at 2014-09-12 16:05:43 Run:1
Running from C:\Users\Thomas Ratzke\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION
S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X]
emptytemp:
*****************

HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-1218043409-3151763047-2122344536-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-1218043409-3151763047-2122344536-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User => Moved successfully.
CBTNDIS4 => Service deleted successfully.
esgiguard => Service deleted successfully.
iPodDrv => Service deleted successfully.
EmptyTemp: => Removed 945 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Wow, that really took a while.

Although I have a 64-bit system, no Eset folder was created under Programme, only under Programme (x86).

Without really being able to judge it: that doesn't look good at all...

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c8ccf40d68a3cb41892d4bbe63d8edf5
# engine=20127
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-13 02:22:04
# local_time=2014-09-13 04:22:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 44350 275994614 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 43458 162204774 0 0
# scanned=914536
# found=26
# cleaned=0
# scan_time=41563
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=0251A98359989D3FF7386BAD50BC485040A95924 ft=1 fh=0cf885787e233dea vn="Variante von Win64/Adware.AddLyrics.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver9Re-markit\x64\TandemRunner.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=5D069A14EF7ECA6CCD14F2E16CCFDA4BFC19D71C ft=1 fh=51dcde48c46cf518 vn="möglicherweise Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas Ratzke\AppData\Roaming\OpenCandy\F4B0460357D346C5A0C7D4A03FDB3F95\LinkuryInstaller_p1v15.exe.vir"
sh=633BC524428DEF52C6A1DFFF6593B1C6054A480B ft=1 fh=76b4636b0ec33ffb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=0788F9BA8535DB4FA464484181B5E01BBD2C4EC5 ft=0 fh=0000000000000000 vn="möglicherweise Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="G:\THOMASRATZKE-PC\Backup Set 2014-08-04 204947\Backup Files 2014-08-04 204947\Backup files 119.zip"
sh=759890C8C29109C6CEAB41747D0A2044C93B4C55 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="G:\THOMASRATZKE-PC\Backup Set 2014-08-04 204947\Backup Files 2014-08-04 204947\Backup files 133.zip"
sh=33F06C9C5BAED4E4DA3EA0DD6B48E1A6E3424922 ft=1 fh=cac44e7c46f9437f vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeConverter.exe"
sh=8854C7C28938FD9E6E729DB0DDC652B5D7B1A5D2 ft=1 fh=cac44e7c63bcf1bb vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeFlvConverter.exe"
sh=71DD1A2BCA8F0D4B674A7CA096DF64B7C15370F1 ft=1 fh=cac44e7c466ca804 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeIpodConverter.exe"
sh=1758F77A52B316BCBCA720102428CF5E444A4FCF ft=1 fh=cac44e7ca5fd5721 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeVideoConverter.exe"
sh=B09F1FF3A086A8B0F99C3AE0793CBDD5DD34B513 ft=1 fh=cac44e7c3e7c07b5 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeVideoPhoneConverter.exe"
sh=1D80D7DDD273FB72A85863E5EF417A7572DF122D ft=1 fh=fac99307de9fff25 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_MoviesToDVD.exe"
sh=7C914325EC5A4353C2A401B32ED302BC814EFF12 ft=1 fh=cac44e7c5fbadd59 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Setup_FreeConverter.exe"
sh=837498BF1E866E53C1E8F808C3F321052A1D23EE ft=1 fh=cac44e7cf59ccb9e vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Setup_FreeFlvConverter.exe"
sh=7C914325EC5A4353C2A401B32ED302BC814EFF12 ft=1 fh=cac44e7c5fbadd59 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Software\Setup_FreeConverter.exe"
sh=6F771E93DEDF77F6D321861F91866B3296EB9E48 ft=1 fh=cac44e7cf1c2f416 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Software\Setup_FreeVideoConverter.exe"
         

14.09.2014, 10:29   #13
Warlord711
/// TB instructor

Nah, it's only half as bad as it looks.

Quote:
vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeConverter.exe"
sh=8854C7C28938FD9E6E729DB0DDC652B5D7B1A5D2 ft=1 fh=cac44e7c63bcf1bb vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeFlvConverter.exe"
sh=71DD1A2BCA8F0D4B674A7CA096DF64B7C15370F1 ft=1 fh=cac44e7c466ca804 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeIpodConverter.exe"
sh=1758F77A52B316BCBCA720102428CF5E444A4FCF ft=1 fh=cac44e7ca5fd5721 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeVideoConverter.exe"
sh=B09F1FF3A086A8B0F99C3AE0793CBDD5DD34B513 ft=1 fh=cac44e7c3e7c07b5 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeVideoPhoneConverter.exe"
sh=1D80D7DDD273FB72A85863E5EF417A7572DF122D ft=1 fh=fac99307de9fff25 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_MoviesToDVD.exe"
sh=7C914325EC5A4353C2A401B32ED302BC814EFF12 ft=1 fh=cac44e7c5fbadd59 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Setup_FreeConverter.exe"
sh=837498BF1E866E53C1E8F808C3F321052A1D23EE ft=1 fh=cac44e7cf59ccb9e vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Setup_FreeFlvConverter.exe"
sh=7C914325EC5A4353C2A401B32ED302BC814EFF12 ft=1 fh=cac44e7c5fbadd59 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Software\Setup_FreeConverter.exe"
sh=6F771E93DEDF77F6D321861F91866B3296EB9E48 ft=1 fh=cac44e7cf1c2f416 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Thomas Ratzke\Downloads\Software\Setup_FreeVideoConverter.exe"
Those are setups bundled with toolbars; it is best to delete them manually.
The rest are detections from the quarantine.

Otherwise the logs are clean!

Update: Adobe Reader
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Software --> Adobe Reader
and download the new version from here.
Untick the box for the McAfee SecurityScan or Google Chrome.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



Finally, I have a few tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time to do so
  • use a different password for every application and every account
  • change your password regularly; this is especially important for online banking or your e-mail inbox
  • do not store passwords on your PC and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, numbers and special characters
  • do not use number or letter sequences (e.g. 12345678, qwertzui), nor number or letter patterns
  • do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postcode, address, name)

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version directly to your desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed if you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is an English link:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, since these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Learn to fight back and support us!
TB Akademie | Donate | Praise & Criticism
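
The triage applied to the ESET log in post #13 (copies already in the AdwCleaner quarantine versus installers still lying on disk) can be scripted. This is an added example, not part of the thread and not ESET tooling; the sample lines are constructed in the shape of the log above, and the function names and the three path categories are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ESET Online Scanner log above.
# Hashes and paths are made up; detection names are the ones in the thread.
SAMPLE_LOG = r'''# found=5
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="G:\Backup\Backup files 133.zip"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_FreeConverter.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Users\Example\Downloads\Setup_FreeConverter.exe"
sh=4444444444444444444444444444444444444444 ft=1 fh=cccccccccccccccc vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\Software\Setup_MoviesToDVD.exe"
'''

# key=value pairs; a value is either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_hit(line):
    """Split one detection line into its fields (sh, ft, fh, vn, ac, fn)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def classify(path):
    """Assumed categories, based only on where the detected file lives."""
    p = path.lower()
    if p.startswith("c:\\adwcleaner\\quarantine\\"):
        return "quarantine"  # neutralised copy kept by AdwCleaner
    if p.endswith(".zip"):
        return "archive"     # detection inside an archive, e.g. a backup set
    return "on_disk"         # file still present where it was found

def triage(log_text):
    """Group detections by category and SHA-1, and check the paste is complete."""
    header, hits = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            hits.append(parse_hit(line))
    groups = defaultdict(lambda: defaultdict(list))
    for hit in hits:
        groups[classify(hit["fn"])][hit["sh"]].append(hit["fn"])
    return {
        # The header's found= count should match the detection lines pasted.
        "complete": int(header.get("found", -1)) == len(hits),
        "groups": {cat: dict(by_hash) for cat, by_hash in groups.items()},
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("log complete:", report["complete"])
    for category, by_hash in report["groups"].items():
        for sha1, paths in by_hash.items():
            print(f"{category:10} {sha1[:8]} x{len(paths)}  {paths[0]}")
```

Grouping by `sh` shows when the same installer sits in several folders, so each copy can be deleted; a `complete` value of False points to a truncated paste.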

20.09.2014, 15:59   #14
Ratzi73

Code:
# DelFix v10.8 - Datei am 20/09/2014 um 16:56:57 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : Thomas Ratzke - THOMASRATZKE-PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\log.txt
Gelöscht : C:\Users\Thomas Ratzke\Desktop\JRT.txt
Gelöscht : C:\Users\Thomas Ratzke\Downloads\Addition.txt
Gelöscht : C:\Users\Thomas Ratzke\Downloads\adwcleaner_3.309.exe
Gelöscht : C:\Users\Thomas Ratzke\Downloads\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Thomas Ratzke\Downloads\Fixlog.txt
Gelöscht : C:\Users\Thomas Ratzke\Downloads\FRST.txt
Gelöscht : C:\Users\Thomas Ratzke\Downloads\FRST64.exe
Gelöscht : C:\Users\Thomas Ratzke\Downloads\JRT.exe
Gelöscht : C:\Users\Thomas Ratzke\Downloads\SecurityCheck.exe
Gelöscht : C:\Users\Thomas Ratzke\Downloads\Shortcut.txt
Gelöscht : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########
         
Many thanks for the support! I will donate something to you!

Are programs such as AVIRA, Spybot, CCleaner or ZoneAlarm recommendable? Which combination makes sense here?

20.09.2014, 16:53   #15
Warlord711
/// TB instructor

Quote:
Quote from Ratzi73
Are programs such as AVIRA, Spybot, CCleaner or ZoneAlarm recommendable? Which combination makes sense here?
I would not install any of the 3 on my computer ;-)


The following section is my personal opinion

You have Avira Free installed as virus protection, and that is "unfortunately" a double-edged sword.

On the one hand it is virus protection, on the other it is adware, because the free version of Avira comes with the AskToolbar, without which the web protection does not work.

That is why I "personally" would recommend a different product to you.

As a free alternative I would name:



Spybot S+D is getting on in years; better switch to Malwarebytes AntiMalware.

Firewalls belong in front of the computer, not on it.
If it has to be a software firewall, I would use a complete AV+firewall solution.