Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verdacht auf KeyLogger

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.01.2015, 19:02   #1
anderesding
 
Verdacht auf KeyLogger - Frage

Verdacht auf KeyLogger



Hallo TB!

Nachdem ich eine ausführbare Datei (leider erst nach dem öffnen) auf virustotal.com gescannt habe hat mich AegisLab mit dem Fund: "Troj.Spy.MSIL.KeyLogger" misstrauisch gemacht, sodass ich überall Angst habe meine Passwörter einzutippen.
Scan -->https://www.virustotal.com/en/file/8dcbbef5e6b66ffd919a73a0ea190f605a25a20a235e3349cec6b03e8964b54f/analysis/

Ich hoffe ihr könnt mir helfen, damit ich wieder in Ruhe mein PC bedienen kann

Hier ein FRST scan:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Utq (administrator) on Z5PLUS on 08-01-2015 18:37:49
Running from C:\Users\Utq\Downloads\Firefox
Loaded Profile: Utq (Available profiles: Utq & Utq2_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Shredder 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Scheduler 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt SecureDZone] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=578080078
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001 -> {37A80672-91A9-4362-9BF4-8D3EFB792F4E} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=320
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3921089224-1379259845-2437648751-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Utq\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\searchplugins\startpointkms.xml
FF Extension: Avira Browser Safety - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\abs@avira.com [2014-12-11]
FF Extension: Image Picker - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\ImagePicker@topolog.org [2014-08-07]
FF Extension: Avira SafeSearch - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\safesearch@avira.com [2014-12-04]
FF Extension: DownloadHelper - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Blank Your Monitor + Easy Reading - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\bym@savetheworld.org.xpi [2014-07-27]
FF Extension: Firebug - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\firebug@software.joehewitt.com.xpi [2014-10-29]
FF Extension: Dolphin Connect - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\jid1-79nQAfjhUybb3A@jetpack.xpi [2014-11-18]
FF Extension: Google Similar Images - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2014-06-11]
FF Extension: NoSquint - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nosquint@urandom.ca.xpi [2014-10-19]
FF Extension: UAControl - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\uacontrol@qz.tsugumi.org.xpi [2014-10-19]
FF Extension: Quick Translator - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-01-02]
FF Extension: NoScript - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-11]
FF Extension: Adblock Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF Extension: Tab Mix Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-29]

Chrome: 
=======
CHR Profile: C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
CHR Extension: (Google Docs) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google-Suche) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Tabellen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [320600 2013-10-21] (Softwareentwicklung Remus - ArchiCrypt)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-13] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 HPMo4DE3; C:\Windows\System32\drivers\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.) [File not signed]
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31136 2013-07-03] (REALiX(tm))
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-08-06] (Splashtop Inc.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [44656 2014-09-15] (Shaul Eizikovich)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 18:37 - 2015-01-08 18:37 - 00000000 ____D () C:\FRST
2015-01-08 18:36 - 2015-01-08 18:36 - 00000000 _____ () C:\Users\Utq\defogger_reenable
2015-01-07 18:55 - 2015-01-07 18:55 - 01317328 _____ () C:\Users\Utq\Desktop\Screenshot_2015-01-07-16-56-02.pdn
2015-01-06 09:59 - 2015-01-06 09:59 - 00000806 _____ () C:\Users\Utq2_000\Desktop\Steam.exe - Verknüpfung.lnk
2015-01-06 09:58 - 2015-01-06 09:58 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\WinRAR
2015-01-06 09:53 - 2015-01-06 09:54 - 00000000 ___DC () C:\Users\Utq2_000\AppData\Local\MigWiz
2015-01-06 09:49 - 2015-01-06 09:49 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\Highresolution Enterprises
2015-01-04 18:23 - 2015-01-04 18:23 - 00000000 ____D () C:\Users\Utq\Documents\Fax
2015-01-02 01:09 - 2015-01-02 01:12 - 00000000 ____D () C:\Users\Utq\AppData\Local\next car game technology sneak peek
2015-01-02 00:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-02 00:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-02 00:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-02 00:24 - 2015-01-02 00:25 - 00016845 _____ () C:\Windows\DirectX.log
2015-01-02 00:24 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-02 00:24 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-02 00:24 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-02 00:24 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-02 00:24 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-02 00:24 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-02 00:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-02 00:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-02 00:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-02 00:24 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-01 21:25 - 2015-01-01 21:25 - 00002186 _____ () C:\Users\Utq\Desktop\Avira Free Antivirus starten.lnk
2014-12-29 23:08 - 2014-12-29 23:08 - 00001073 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-28 17:49 - 2014-12-28 17:49 - 00081408 ___SH () C:\Users\Utq2_000\Desktop\Thumbs.db
2014-12-28 11:46 - 2014-12-28 11:50 - 00000000 ____D () C:\Users\Utq\Desktop\GAME OF THE YEAR 420BLAZEIT
2014-12-26 10:49 - 2014-12-26 10:49 - 00000000 ____D () C:\Users\Utq\Documents\HTC
2014-12-25 17:58 - 2014-10-08 23:39 - 01603584 _____ (BahraniApps) C:\Users\Utq\Desktop\GifCam.exe
2014-12-25 17:48 - 2014-12-25 17:48 - 00000853 _____ () C:\Users\Utq\AppData\Local\recently-used.xbel
2014-12-25 11:26 - 2014-12-25 11:26 - 00003478 _____ () C:\Windows\System32\Tasks\StartPoint Updater
2014-12-25 11:26 - 2014-12-25 11:26 - 00001205 _____ () C:\Users\Utq\Desktop\Format Factory.lnk
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Users\Utq\AppData\Local\StartPoint
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\ProgramData\Baidu
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-25 09:59 - 2014-12-25 09:59 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-12-21 21:35 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-12-21 21:35 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-12-21 21:35 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-12-21 21:32 - 2014-12-09 08:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-12-21 21:32 - 2014-12-09 08:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-12-21 21:32 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-21 21:32 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-21 19:27 - 2014-12-21 19:27 - 00000304 _____ () C:\Users\Utq\Desktop\Windows 8.1 - Nach Update auf Windows 8.1 hohe CPU-Last - Hope This Helps.URL
2014-12-21 17:20 - 2014-12-21 17:20 - 00001818 _____ () C:\Users\Utq\Desktop\Recuva.lnk
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-12-21 16:44 - 2014-12-25 19:09 - 00045568 ___SH () C:\Users\Utq\Documents\Thumbs.db
2014-12-21 09:42 - 2015-01-02 00:40 - 00000197 _____ () C:\Users\Utq\Desktop\gifoptzr.ini
2014-12-21 08:42 - 2002-06-18 13:06 - 00728576 _____ (Chemware Ltd) C:\Users\Utq\Desktop\GIFOptzr.exe
2014-12-21 08:42 - 2002-06-17 17:07 - 00001354 _____ () C:\Users\Utq\Desktop\ReadMe.txt
2014-12-19 12:25 - 2014-12-19 12:25 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\EurekaLab s.a.s
2014-12-17 21:36 - 2015-01-08 16:36 - 00969216 ___SH () C:\Users\Utq\Desktop\Thumbs.db
2014-12-17 15:40 - 2014-05-25 14:33 - 03888736 _____ () C:\Users\Utq\Desktop\GTA - Vice City v1.03.apk
2014-12-16 13:08 - 2014-12-16 13:08 - 00000000 ____D () C:\Users\Utq\AppData\Local\TGE
2014-12-16 13:07 - 2014-12-19 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
2014-12-15 14:55 - 2014-12-15 14:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 14:53 - 2014-12-15 15:12 - 00017404 _____ () C:\Windows\setupact.log
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Program Files (x86)\Animake
2014-12-13 13:01 - 2014-12-13 13:01 - 00000000 ____D () C:\usr
2014-12-12 20:05 - 2014-12-19 12:33 - 00000000 __HDC () C:\ProgramData\{CD3330DC-8B86-4AE3-B2E4-09E56CB3E702}
2014-12-12 13:26 - 2014-12-12 14:07 - 00000000 ____D () C:\Users\Utq\Desktop\vcmod_coderhire
2014-12-12 12:53 - 2014-07-28 23:22 - 00000000 ____D () C:\Users\Utq\Desktop\httrack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 18:37 - 2014-09-11 18:10 - 00000000 ____D () C:\Users\Utq\Downloads\Firefox
2015-01-08 18:37 - 2013-06-28 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 18:36 - 2013-06-20 19:48 - 00000000 ____D () C:\Users\Utq
2015-01-08 18:25 - 2013-10-26 16:58 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\ClassicShell
2015-01-08 18:20 - 2014-10-26 15:09 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 18:05 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-01-08 18:05 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-01-08 18:05 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-08 17:03 - 2013-06-20 19:54 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1001
2015-01-08 16:54 - 2013-06-20 19:48 - 02020150 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 16:38 - 2013-07-09 18:13 - 00000000 ___RD () C:\Users\Utq\Dropbox
2015-01-08 16:38 - 2013-07-09 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Dropbox
2015-01-08 16:36 - 2014-10-26 15:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 16:36 - 2014-04-07 19:49 - 00000000 ____D () C:\Users\Utq\AppData\Local\HTC MediaHub
2015-01-08 16:36 - 2013-11-29 13:37 - 00000000 ____D () C:\Users\Utq\AppData\Local\TSVNCache
2015-01-08 16:34 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 20:25 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Local\TSVNCache
2015-01-06 10:45 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\ClassicShell
2015-01-06 09:53 - 2014-10-27 12:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1004
2015-01-05 23:06 - 2014-05-12 15:03 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Audacity
2015-01-03 19:56 - 2014-11-08 17:20 - 00000772 _____ () C:\Users\Utq\Desktop\key.txt
2015-01-03 12:45 - 2014-01-11 12:19 - 00004524 _____ () C:\Windows\Sandboxie.ini
2015-01-01 23:44 - 2013-08-22 16:06 - 00000000 ____D () C:\Users\Utq\dwhelper
2015-01-01 23:06 - 2013-06-28 17:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 21:33 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-01 21:12 - 2013-11-05 19:45 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\vlc
2014-12-30 19:37 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\eve Updater
2014-12-30 15:20 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Utq\Downloads\cmic
2014-12-30 11:27 - 2014-10-19 16:15 - 00000308 _____ () C:\Users\Utq\Desktop\ClientRegistry.blob
2014-12-29 23:08 - 2013-11-05 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-26 18:31 - 2014-12-01 18:37 - 00001291 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 18:31 - 2013-07-14 12:11 - 00000000 ___RD () C:\Users\Utq\Desktop\Unterschlupf Ordner
2014-12-26 18:31 - 2013-07-05 12:37 - 00001303 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-26 18:31 - 2013-07-05 12:37 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-25 19:11 - 2014-01-10 16:54 - 00000000 ____D () C:\Users\Utq\Documents\Praktikum2014
2014-12-25 19:08 - 2013-07-29 15:24 - 00000000 ____D () C:\Users\Utq\Downloads\Old
2014-12-25 18:12 - 2013-08-07 15:04 - 00000000 ____D () C:\Users\Utq\.gimp-2.8
2014-12-25 17:48 - 2013-08-07 15:06 - 00000000 ____D () C:\Users\Utq\AppData\Local\gtk-2.0
2014-12-25 11:36 - 2014-05-16 18:30 - 61882687 _____ () C:\Users\Utq\Downloads\OBB_CarXDrift.rar
2014-12-25 10:29 - 2014-10-04 05:41 - 00000000 ____D () C:\Users\Utq\Desktop\XnView
2014-12-22 18:29 - 2014-11-02 17:36 - 00000000 ____D () C:\Users\Utq\Documents\freigabe
2014-12-21 21:35 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-21 17:21 - 2014-01-17 14:35 - 00000000 ____D () C:\Program Files\Recuva
2014-12-19 12:20 - 2014-11-29 10:21 - 00005692 _____ () C:\Windows\PFRO.log
2014-12-18 16:15 - 2014-11-30 20:17 - 831323316 _____ () C:\Users\Utq\Downloads\NeuroTec Vehicles Addon Pack (300914).rar.part
2014-12-17 16:29 - 2014-10-29 20:14 - 00000578 _____ () C:\Users\Utq\Desktop\gm+.txt
2014-12-17 16:21 - 2014-09-09 13:37 - 00000558 _____ () C:\SSUUpdater.log
2014-12-17 16:13 - 2013-07-09 18:08 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 20:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-15 15:03 - 2014-10-18 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Local\Adobe
2014-12-15 14:55 - 2013-06-28 18:02 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 10:19 - 2014-09-15 08:07 - 00454296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 10:18 - 2013-06-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:57 - 2014-11-11 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 15:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-09 16:16 - 2013-11-15 18:12 - 00000000 ____D () C:\Users\Utq\Documents\Visual Studio 2013
2014-12-09 13:22 - 2014-10-28 18:10 - 00001140 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-09 13:22 - 2014-03-09 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-09 13:22 - 2014-03-09 09:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-09 13:22 - 2013-07-03 09:09 - 00000000 ____D () C:\ProgramData\Package Cache

Some content of TEMP:
====================
C:\Users\Utq\AppData\Local\Temp\avgnt.exe
C:\Users\Utq\AppData\Local\Temp\AviraSetup183415258.exe
C:\Users\Utq\AppData\Local\Temp\bitool.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Utq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5iijp.dll
C:\Users\Utq\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Utq\AppData\Local\Temp\startpoint_1.exe
C:\Users\Utq\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Utq2_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 18:08

==================== End Of Log ============================
         
--- --- ---

und die Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Utq at 2015-01-08 18:38:58
Running from C:\Users\Utq\Downloads\Firefox
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version:  - Algoryx)
Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
ArchiCrypt Shredder Version 6.9.3.5701 (HKLM-x32\...\ACRYSH6_is1) (Version: 6.9.3.5701 - Softwareentwicklung Remus - ArchiCrypt)
ASRock XFast RAM v2.0.25 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version:  - Activision)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Combined Community Codec Pack 2013-05-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAS (HKLM-x32\...\DAS) (Version: 4.5.0 - Infineon Technologies AG)
DAS (x32 Version: 4.5.0 - Infineon Technologies AG) Hidden
Dropbox (HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.114 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.114 - Etron Technology) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.9.906 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Genymotion version 2.3.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.0 - Genymobile)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
GTA IV Vehicle Mod Installer v1.3 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.3_is1) (Version:  - MobileD2)
GTA IV Vehicle Mod Installer v1.5 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.5_is1) (Version:  - MobileD2)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Demo (HKLM-x32\...\Steam App 219) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
HWiNFO32 Version 4.20 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.20 - Martin Malík - REALiX)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: 5.11.2.0 - ARM Ltd)
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0b - G17 Media)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multiple Image Resizer .NET 4 (HKLM-x32\...\Multiple Image Resizer .NET 4) (Version: 4.0.0.6 - Acumen Business Systems Ltd)
Multiple Image Resizer .NET 4 (x32 Version: 4.0.0.6 - Acumen Business Systems Ltd) Hidden
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PictureRelate (HKLM-x32\...\picture-relate@walthelm.net) (Version: 2.6.3 D - Axel Walthelm)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Product Library (HKLM\...\Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
StartPoint (HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\startpoint) (Version:  - StartPoint) <==== ATTENTION!
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
TrackMania² Stadium Demo (HKLM-x32\...\Steam App 233070) (Version:  - Nadeo)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Unity Web Player (HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Window Hide Tool 2.0 (HKLM-x32\...\Window Hide Tool_is1) (Version:  - FOMINE SOFTWARE)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-12-2014 12:20:17 Avira System Speedup 1.5
21-12-2014 21:33:20 Windows Update
25-12-2014 09:58:33 TrueCrypt installation
26-12-2014 18:29:29 paint.net v4.0.5
02-01-2015 00:23:07 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1346A8DD-A644-4ADB-A61B-679C63287892} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {58DA61A3-48EB-49DF-95D3-DD933ECADF32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {6949625F-D52B-417A-9D05-3023E43DC26D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {91A3909B-591A-4F73-9D9D-0494CBDABD06} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {9712256D-F299-4ABA-8369-87687D017DAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {B942CC9C-46E6-4FF1-915F-13AD125715E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {C6C1A37A-761F-4CF6-B6D0-3594EE9F6D80} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {E10AA390-4A06-4D4F-ACF3-B9B2BF9496A2} - System32\Tasks\StartPoint Updater => C:\Users\Utq\AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe [2014-12-25] (Pay By Ads LTD)
Task: {E6857CAF-CDE2-4875-8633-EE98BC89C65A} - System32\Tasks\Core Temp Autostart Utq => C:\Users\Utq\Desktop\coretempp\Core Temp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-07-03 09:07 - 2013-08-13 15:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-06-20 23:05 - 2013-06-20 23:05 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-24 10:31 - 2014-03-24 10:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 10:34 - 2014-03-24 10:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 10:36 - 2014-03-24 10:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-08 16:37 - 2015-01-08 16:37 - 00043008 _____ () c:\users\Utq\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5iijp.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-11 14:13 - 2014-12-11 17:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\Run: => "ASRockXTU"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\Run: => "RGSC"

========================= Accounts: ==========================

Administrator (S-1-5-21-3921089224-1379259845-2437648751-500 - Administrator - Disabled)
Gast (S-1-5-21-3921089224-1379259845-2437648751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3921089224-1379259845-2437648751-1008 - Limited - Enabled)
Utq (S-1-5-21-3921089224-1379259845-2437648751-1001 - Administrator - Enabled) => C:\Users\Utq
Utq2_000 (S-1-5-21-3921089224-1379259845-2437648751-1004 - Administrator - Enabled) => C:\Users\Utq2_000

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 05:28:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/08/2015 04:37:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/08/2015 04:37:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/08/2015 04:35:35 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/07/2015 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x1488
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (01/07/2015 07:20:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/07/2015 06:52:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/07/2015 04:59:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/07/2015 03:46:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (01/07/2015 03:40:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (01/08/2015 05:36:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BC70B8EF-9FC4-4D62-88F9-EFCE7DCAD5DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/08/2015 05:27:22 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "Z5PLUS" auf Transport "NetBT_Tcpip_{BC70B8EF-9FC4-4D62-88F9-EFCE7DCAD5DA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (01/08/2015 04:37:10 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "Z5PLUS" auf Transport "NetBT_Tcpip_{BC70B8EF-9FC4-4D62-88F9-EFCE7DCAD5DA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (01/08/2015 04:35:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (01/08/2015 04:35:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (01/08/2015 04:35:22 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "Z5PLUS" auf Transport "NetBT_Tcpip_{BC70B8EF-9FC4-4D62-88F9-EFCE7DCAD5DA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (01/08/2015 04:35:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/08/2015 04:34:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎07.‎01.‎2015 um 20:37:26 unerwartet heruntergefahren.

Error: (01/07/2015 07:19:33 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "Z5PLUS" auf Transport "NetBT_Tcpip_{BC70B8EF-9FC4-4D62-88F9-EFCE7DCAD5DA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (01/07/2015 06:55:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (03/16/2014 01:06:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1161 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-06-28 19:57:03.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Utq\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-28 19:57:03.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) X4 750K Quad Core Processor 
Percentage of memory in use: 26%
Total physical RAM: 8143 MB
Available physical RAM: 6006.63 MB
Total Pagefile: 9359 MB
Available Pagefile: 6761.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:465.41 GB) (Free:143.33 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:149.06 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:298.09 GB) (Free:195.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 17AC57E7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 28F12A69)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Vielen Dank im Vorraus!

Geändert von anderesding (08.01.2015 um 19:12 Uhr)

Alt 08.01.2015, 19:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Hi,

nur einer von 57 Scannern hat bei VT was angezeigt. Das ist ne Fehlerkennung. Aber da ist Adware drauf.

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    StartPoint

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 08.01.2015, 21:42   #3
anderesding
 
Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Danke, für die schnelle Antwort.

Hab alles durchgemacht.

Malwarebytes hat einiges von StartPoint gefunden und in Quarantäne verschoben.
Jedoch ist das neueste Suchlauf-Protokoll, das ich gefunden habe, nicht von heute...

mbam.txt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.11.2014
Suchlauf-Zeit: 15:46:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.24.05
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Utq

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 374843
Verstrichene Zeit: 12 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ADW:
Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 08/01/2015 um 20:52:33
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Utq - Z5PLUS
# Gestartet von : C:\Users\Utq\Downloads\Firefox\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\baidu
Ordner Gelöscht : C:\Users\Utq\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Utq\AppData\Local\CrashRpt

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149b292f569158-096cd08bce3815-40524236-0-149b292f56a175\"");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1419769991");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"27d3999300939e5d72fc15f8d686c7578d3dc539\"");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5642301715");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"eb1bf7cfdf0aad8af6743e784107f678b03873ce\"");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.install", "1416040215919");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[3qjca1yq.default-1402511594936\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch@avira.com.install-event-fired", true);

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2455 octets] - [08/01/2015 20:48:10]
AdwCleaner[S0].txt - [2352 octets] - [08/01/2015 20:52:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2412 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 Pro x64
Ran by Utq on 08.01.2015 at 21:02:05,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Utq\AppData\Roaming\mozilla\firefox\profiles\3qjca1yq.default-1402511594936\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Utq\AppData\Roaming\mozilla\firefox\profiles\3qjca1yq.default-1402511594936\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Utq\AppData\Roaming\mozilla\firefox\profiles\3qjca1yq.default-1402511594936\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"pr
user_pref("extensions.safesearch@avira.com.install-event-fired", true);
Emptied folder: C:\Users\Utq\AppData\Roaming\mozilla\firefox\profiles\3qjca1yq.default-1402511594936\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.01.2015 at 21:05:35,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Utq (administrator) on Z5PLUS on 08-01-2015 21:08:29
Running from C:\Users\Utq\Downloads\Firefox
Loaded Profile: Utq (Available profiles: Utq & Utq2_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Shredder 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Scheduler 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt SecureDZone] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001 -> {37A80672-91A9-4362-9BF4-8D3EFB792F4E} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=320
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3921089224-1379259845-2437648751-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Utq\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\searchplugins\startpointkms.xml
FF Extension: Avira Browser Safety - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\abs@avira.com [2014-12-11]
FF Extension: Image Picker - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\ImagePicker@topolog.org [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Blank Your Monitor + Easy Reading - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\bym@savetheworld.org.xpi [2014-07-27]
FF Extension: Firebug - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\firebug@software.joehewitt.com.xpi [2014-10-29]
FF Extension: Dolphin Connect - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\jid1-79nQAfjhUybb3A@jetpack.xpi [2014-11-18]
FF Extension: Google Similar Images - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2014-06-11]
FF Extension: NoSquint - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nosquint@urandom.ca.xpi [2014-10-19]
FF Extension: UAControl - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\uacontrol@qz.tsugumi.org.xpi [2014-10-19]
FF Extension: Quick Translator - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-01-02]
FF Extension: NoScript - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-11]
FF Extension: Adblock Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF Extension: Tab Mix Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-29]

Chrome: 
=======
CHR Profile: C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
CHR Extension: (Google Docs) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google-Suche) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Tabellen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [320600 2013-10-21] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-13] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 HPMo4DE3; C:\Windows\System32\drivers\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.) [File not signed]
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31136 2013-07-03] (REALiX(tm))
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-08-06] (Splashtop Inc.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [44656 2014-09-15] (Shaul Eizikovich)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 21:05 - 2015-01-08 21:05 - 00001509 _____ () C:\Users\Utq\Desktop\JRT.txt
2015-01-08 21:02 - 2015-01-08 21:02 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 21:00 - 2015-01-08 21:00 - 01707939 _____ (Thisisu) C:\Users\Utq\Desktop\JRT.exe
2015-01-08 20:47 - 2015-01-08 20:52 - 00000000 ____D () C:\AdwCleaner
2015-01-08 20:12 - 2015-01-08 20:12 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 19:49 - 2015-01-08 19:49 - 00001271 _____ () C:\Users\Utq\Desktop\Revo Uninstaller.lnk
2015-01-08 19:49 - 2015-01-08 19:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-08 18:45 - 2015-01-08 21:05 - 00000000 ____D () C:\Users\Utq\Desktop\troj
2015-01-08 18:37 - 2015-01-08 21:08 - 00000000 ____D () C:\FRST
2015-01-08 18:36 - 2015-01-08 18:36 - 00000000 _____ () C:\Users\Utq\defogger_reenable
2015-01-07 18:55 - 2015-01-07 18:55 - 01317328 _____ () C:\Users\Utq\Desktop\Screenshot_2015-01-07-16-56-02.pdn
2015-01-06 09:59 - 2015-01-06 09:59 - 00000806 _____ () C:\Users\Utq2_000\Desktop\Steam.exe - Verknüpfung.lnk
2015-01-06 09:58 - 2015-01-06 09:58 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\WinRAR
2015-01-06 09:53 - 2015-01-06 09:54 - 00000000 ___DC () C:\Users\Utq2_000\AppData\Local\MigWiz
2015-01-06 09:49 - 2015-01-06 09:49 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\Highresolution Enterprises
2015-01-04 18:23 - 2015-01-04 18:23 - 00000000 ____D () C:\Users\Utq\Documents\Fax
2015-01-02 01:09 - 2015-01-02 01:12 - 00000000 ____D () C:\Users\Utq\AppData\Local\next car game technology sneak peek
2015-01-02 00:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-02 00:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-02 00:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-02 00:24 - 2015-01-02 00:25 - 00016845 _____ () C:\Windows\DirectX.log
2015-01-02 00:24 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-02 00:24 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-02 00:24 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-02 00:24 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-02 00:24 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-02 00:24 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-02 00:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-02 00:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-02 00:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-02 00:24 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-01 21:25 - 2015-01-01 21:25 - 00002186 _____ () C:\Users\Utq\Desktop\Avira Free Antivirus starten.lnk
2014-12-29 23:08 - 2014-12-29 23:08 - 00001073 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-28 17:49 - 2014-12-28 17:49 - 00081408 ___SH () C:\Users\Utq2_000\Desktop\Thumbs.db
2014-12-28 11:46 - 2014-12-28 11:50 - 00000000 ____D () C:\Users\Utq\Desktop\GAME OF THE YEAR 420BLAZEIT
2014-12-26 10:49 - 2014-12-26 10:49 - 00000000 ____D () C:\Users\Utq\Documents\HTC
2014-12-25 17:58 - 2014-10-08 23:39 - 01603584 _____ (BahraniApps) C:\Users\Utq\Desktop\GifCam.exe
2014-12-25 17:48 - 2014-12-25 17:48 - 00000853 _____ () C:\Users\Utq\AppData\Local\recently-used.xbel
2014-12-25 11:26 - 2015-01-08 20:10 - 00000000 ____D () C:\Users\Utq\AppData\Local\StartPoint
2014-12-25 11:26 - 2014-12-25 11:26 - 00001205 _____ () C:\Users\Utq\Desktop\Format Factory.lnk
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-25 09:59 - 2014-12-25 09:59 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-12-21 21:35 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-12-21 21:35 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-12-21 21:35 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-12-21 21:32 - 2014-12-09 08:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-12-21 21:32 - 2014-12-09 08:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-12-21 21:32 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-21 21:32 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-21 19:27 - 2014-12-21 19:27 - 00000304 _____ () C:\Users\Utq\Desktop\Windows 8.1 - Nach Update auf Windows 8.1 hohe CPU-Last - Hope This Helps.URL
2014-12-21 17:20 - 2014-12-21 17:20 - 00001818 _____ () C:\Users\Utq\Desktop\Recuva.lnk
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-12-21 16:44 - 2014-12-25 19:09 - 00045568 ___SH () C:\Users\Utq\Documents\Thumbs.db
2014-12-21 09:42 - 2015-01-02 00:40 - 00000197 _____ () C:\Users\Utq\Desktop\gifoptzr.ini
2014-12-21 08:42 - 2002-06-18 13:06 - 00728576 _____ (Chemware Ltd) C:\Users\Utq\Desktop\GIFOptzr.exe
2014-12-21 08:42 - 2002-06-17 17:07 - 00001354 _____ () C:\Users\Utq\Desktop\ReadMe.txt
2014-12-19 12:25 - 2014-12-19 12:25 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\EurekaLab s.a.s
2014-12-17 21:36 - 2015-01-08 20:39 - 00975360 ___SH () C:\Users\Utq\Desktop\Thumbs.db
2014-12-17 15:40 - 2014-05-25 14:33 - 03888736 _____ () C:\Users\Utq\Desktop\GTA - Vice City v1.03.apk
2014-12-16 13:08 - 2014-12-16 13:08 - 00000000 ____D () C:\Users\Utq\AppData\Local\TGE
2014-12-16 13:07 - 2014-12-19 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
2014-12-15 14:55 - 2014-12-15 14:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 14:53 - 2014-12-15 15:12 - 00017404 _____ () C:\Windows\setupact.log
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Program Files (x86)\Animake
2014-12-13 13:01 - 2014-12-13 13:01 - 00000000 ____D () C:\usr
2014-12-12 20:05 - 2014-12-19 12:33 - 00000000 __HDC () C:\ProgramData\{CD3330DC-8B86-4AE3-B2E4-09E56CB3E702}
2014-12-12 13:26 - 2014-12-12 14:07 - 00000000 ____D () C:\Users\Utq\Desktop\vcmod_coderhire
2014-12-12 12:53 - 2014-07-28 23:22 - 00000000 ____D () C:\Users\Utq\Desktop\httrack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 21:08 - 2014-09-11 18:10 - 00000000 ____D () C:\Users\Utq\Downloads\Firefox
2015-01-08 21:07 - 2013-06-20 19:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1001
2015-01-08 21:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-08 20:59 - 2013-06-20 19:48 - 02061627 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 20:57 - 2013-07-09 18:13 - 00000000 ___RD () C:\Users\Utq\Dropbox
2015-01-08 20:57 - 2013-07-09 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Dropbox
2015-01-08 20:55 - 2014-04-07 19:49 - 00000000 ____D () C:\Users\Utq\AppData\Local\HTC MediaHub
2015-01-08 20:54 - 2014-10-26 15:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 20:53 - 2014-11-29 10:21 - 00006002 _____ () C:\Windows\PFRO.log
2015-01-08 20:53 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 20:52 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-08 20:45 - 2014-05-06 18:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:41 - 2013-10-26 16:58 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\ClassicShell
2015-01-08 20:38 - 2013-11-29 13:37 - 00000000 ____D () C:\Users\Utq\AppData\Local\TSVNCache
2015-01-08 20:37 - 2013-06-28 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 20:20 - 2014-10-26 15:09 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 20:12 - 2014-05-06 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 20:12 - 2014-05-06 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 18:36 - 2013-06-20 19:48 - 00000000 ____D () C:\Users\Utq
2015-01-08 18:05 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-01-08 18:05 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-01-08 18:05 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 20:25 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Local\TSVNCache
2015-01-06 10:45 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\ClassicShell
2015-01-06 09:53 - 2014-10-27 12:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1004
2015-01-05 23:06 - 2014-05-12 15:03 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Audacity
2015-01-03 19:56 - 2014-11-08 17:20 - 00000772 _____ () C:\Users\Utq\Desktop\key.txt
2015-01-03 12:45 - 2014-01-11 12:19 - 00004524 _____ () C:\Windows\Sandboxie.ini
2015-01-01 23:44 - 2013-08-22 16:06 - 00000000 ____D () C:\Users\Utq\dwhelper
2015-01-01 23:06 - 2013-06-28 17:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 21:12 - 2013-11-05 19:45 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\vlc
2014-12-30 19:37 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\eve Updater
2014-12-30 15:20 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Utq\Downloads\cmic
2014-12-30 11:27 - 2014-10-19 16:15 - 00000308 _____ () C:\Users\Utq\Desktop\ClientRegistry.blob
2014-12-29 23:08 - 2013-11-05 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-26 18:31 - 2014-12-01 18:37 - 00001291 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 18:31 - 2013-07-14 12:11 - 00000000 ___RD () C:\Users\Utq\Desktop\Unterschlupf Ordner
2014-12-26 18:31 - 2013-07-05 12:37 - 00001303 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-26 18:31 - 2013-07-05 12:37 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-25 19:11 - 2014-01-10 16:54 - 00000000 ____D () C:\Users\Utq\Documents\Praktikum2014
2014-12-25 19:08 - 2013-07-29 15:24 - 00000000 ____D () C:\Users\Utq\Downloads\Old
2014-12-25 18:12 - 2013-08-07 15:04 - 00000000 ____D () C:\Users\Utq\.gimp-2.8
2014-12-25 17:48 - 2013-08-07 15:06 - 00000000 ____D () C:\Users\Utq\AppData\Local\gtk-2.0
2014-12-25 11:36 - 2014-05-16 18:30 - 61882687 _____ () C:\Users\Utq\Downloads\OBB_CarXDrift.rar
2014-12-25 10:29 - 2014-10-04 05:41 - 00000000 ____D () C:\Users\Utq\Desktop\XnView
2014-12-22 18:29 - 2014-11-02 17:36 - 00000000 ____D () C:\Users\Utq\Documents\freigabe
2014-12-21 21:35 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-21 17:21 - 2014-01-17 14:35 - 00000000 ____D () C:\Program Files\Recuva
2014-12-18 16:15 - 2014-11-30 20:17 - 831323316 _____ () C:\Users\Utq\Downloads\NeuroTec Vehicles Addon Pack (300914).rar.part
2014-12-17 16:29 - 2014-10-29 20:14 - 00000578 _____ () C:\Users\Utq\Desktop\gm+.txt
2014-12-17 16:21 - 2014-09-09 13:37 - 00000558 _____ () C:\SSUUpdater.log
2014-12-17 16:13 - 2013-07-09 18:08 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 20:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-15 15:03 - 2014-10-18 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Local\Adobe
2014-12-15 14:55 - 2013-06-28 18:02 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 10:19 - 2014-09-15 08:07 - 00454296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 10:18 - 2013-06-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:57 - 2014-11-11 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 15:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-09 16:16 - 2013-11-15 18:12 - 00000000 ____D () C:\Users\Utq\Documents\Visual Studio 2013
2014-12-09 13:22 - 2014-10-28 18:10 - 00001140 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-09 13:22 - 2014-03-09 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-09 13:22 - 2014-03-09 09:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-09 13:22 - 2013-07-03 09:09 - 00000000 ____D () C:\ProgramData\Package Cache

Some content of TEMP:
====================
C:\Users\Utq\AppData\Local\Temp\avgnt.exe
C:\Users\Utq\AppData\Local\Temp\AviraSetup183415258.exe
C:\Users\Utq\AppData\Local\Temp\bitool.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Utq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoe_qvi.dll
C:\Users\Utq\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Utq\AppData\Local\Temp\Quarantine.exe
C:\Users\Utq\AppData\Local\Temp\sqlite3.dll
C:\Users\Utq\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Utq2_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 18:08

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Utq at 2015-01-08 21:09:26
Running from C:\Users\Utq\Downloads\Firefox
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version:  - Algoryx)
Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
ArchiCrypt Shredder Version 6.9.3.5701 (HKLM-x32\...\ACRYSH6_is1) (Version: 6.9.3.5701 - Softwareentwicklung Remus - ArchiCrypt)
ASRock XFast RAM v2.0.25 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version:  - Activision)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Combined Community Codec Pack 2013-05-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAS (HKLM-x32\...\DAS) (Version: 4.5.0 - Infineon Technologies AG)
DAS (x32 Version: 4.5.0 - Infineon Technologies AG) Hidden
Dropbox (HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.114 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.114 - Etron Technology) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.9.906 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Genymotion version 2.3.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.0 - Genymobile)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
GTA IV Vehicle Mod Installer v1.3 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.3_is1) (Version:  - MobileD2)
GTA IV Vehicle Mod Installer v1.5 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.5_is1) (Version:  - MobileD2)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Demo (HKLM-x32\...\Steam App 219) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
HWiNFO32 Version 4.20 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.20 - Martin Malík - REALiX)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: 5.11.2.0 - ARM Ltd)
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0b - G17 Media)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multiple Image Resizer .NET 4 (HKLM-x32\...\Multiple Image Resizer .NET 4) (Version: 4.0.0.6 - Acumen Business Systems Ltd)
Multiple Image Resizer .NET 4 (x32 Version: 4.0.0.6 - Acumen Business Systems Ltd) Hidden
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PictureRelate (HKLM-x32\...\picture-relate@walthelm.net) (Version: 2.6.3 D - Axel Walthelm)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Product Library (HKLM\...\Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
TrackMania² Stadium Demo (HKLM-x32\...\Steam App 233070) (Version:  - Nadeo)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Unity Web Player (HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Window Hide Tool 2.0 (HKLM-x32\...\Window Hide Tool_is1) (Version:  - FOMINE SOFTWARE)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-12-2014 12:20:17 Avira System Speedup 1.5
21-12-2014 21:33:20 Windows Update
25-12-2014 09:58:33 TrueCrypt installation
26-12-2014 18:29:29 paint.net v4.0.5
02-01-2015 00:23:07 DirectX wurde installiert
08-01-2015 20:04:16 Revo Uninstaller's restore point - StartPoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1346A8DD-A644-4ADB-A61B-679C63287892} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {58DA61A3-48EB-49DF-95D3-DD933ECADF32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {6949625F-D52B-417A-9D05-3023E43DC26D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {91A3909B-591A-4F73-9D9D-0494CBDABD06} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {9712256D-F299-4ABA-8369-87687D017DAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {B942CC9C-46E6-4FF1-915F-13AD125715E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {C6C1A37A-761F-4CF6-B6D0-3594EE9F6D80} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {E10AA390-4A06-4D4F-ACF3-B9B2BF9496A2} - \StartPoint Updater No Task File <==== ATTENTION
Task: {E6857CAF-CDE2-4875-8633-EE98BC89C65A} - System32\Tasks\Core Temp Autostart Utq => C:\Users\Utq\Desktop\coretempp\Core Temp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-07-03 09:07 - 2013-08-13 15:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-24 10:32 - 2014-03-24 10:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-03-24 10:31 - 2014-03-24 10:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 10:32 - 2014-03-24 10:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 10:34 - 2014-03-24 10:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 10:36 - 2014-03-24 10:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-08 20:56 - 2015-01-08 20:56 - 00043008 _____ () c:\users\Utq\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoe_qvi.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Utq\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-11 14:13 - 2014-12-11 17:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\Run: => "ASRockXTU"
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\StartupApproved\Run: => "RGSC"

========================= Accounts: ==========================

Administrator (S-1-5-21-3921089224-1379259845-2437648751-500 - Administrator - Disabled)
Gast (S-1-5-21-3921089224-1379259845-2437648751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3921089224-1379259845-2437648751-1008 - Limited - Enabled)
Utq (S-1-5-21-3921089224-1379259845-2437648751-1001 - Administrator - Enabled) => C:\Users\Utq
Utq2_000 (S-1-5-21-3921089224-1379259845-2437648751-1004 - Administrator - Enabled) => C:\Users\Utq2_000

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/08/2015 09:09:27 PM) (Source: DCOM) (EventID: 10010) (User: Z5Plus)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/08/2015 09:08:57 PM) (Source: DCOM) (EventID: 10010) (User: Z5Plus)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/08/2015 09:08:27 PM) (Source: DCOM) (EventID: 10010) (User: Z5Plus)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/08/2015 09:07:57 PM) (Source: DCOM) (EventID: 10010) (User: Z5Plus)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (03/16/2014 01:06:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1161 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-06-28 19:57:03.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Utq\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-28 19:57:03.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) X4 750K Quad Core Processor 
Percentage of memory in use: 22%
Total physical RAM: 8143 MB
Available physical RAM: 6323.95 MB
Total Pagefile: 9359 MB
Available Pagefile: 7177.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:465.41 GB) (Free:143.25 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:148.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 17AC57E7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Geändert von anderesding (08.01.2015 um 21:44 Uhr) Grund: Groß und Kleinschreibung *pingelig sein*

Alt 08.01.2015, 22:55   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.01.2015, 22:55   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 19:09   #6
anderesding
 
Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



War das ein Doppelpost von dir oder sollte ich das wirklich alles zweimal machen?


ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=946812e65a75a246ba8f076307020e81
# engine=21887
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 12:36:03
# local_time=2015-01-09 01:36:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 78901 27485699 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4074890 29165683 0 0
# scanned=3410
# found=0
# cleaned=0
# scan_time=420
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=946812e65a75a246ba8f076307020e81
# engine=21887
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 05:28:19
# local_time=2015-01-09 06:28:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 92837 27503235 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4088826 29183219 0 0
# scanned=1130918
# found=18
# cleaned=0
# scan_time=17454
sh=A70FE1C824BBAC6185E6363C14E69DC29A393DB9 ft=1 fh=3a98fdf94ca92ad5 

vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Utq\AppData

\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGW0MM9N\setup

[1].exe"
sh=A70FE1C824BBAC6185E6363C14E69DC29A393DB9 ft=1 fh=3a98fdf94ca92ad5 

vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Utq\AppData

\Local\Temp\nscC2EA.tmp"
sh=B94CD263BB2482BA9ECD08AB61776F56F78B47F0 ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Desktop\sdcard\Android\data\com.dropbox.android\files

\u46930097\scratch\com.novagecko.memedroid.apk"
sh=001F7A8A1FF840BC332C9061091AE36E324E1D53 ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Desktop\sdcard\Android\data\com.dropbox.android\files

\u46930097\scratch\meme.rar"
sh=2293A11A8B95F687DC96F340F632D78D955EC19B ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Desktop\sdcard\cleanmaster\backup

\com.novagecko.memedroid.apk"
sh=E8B865E556D2C37D015ABE02162B5FC722714B8D ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Desktop\sdcard\meme\memedroid_3.55_109140355.apk"
sh=0B5456998107221B7BD4D909F2BBBED524C245FC ft=0 fh=0000000000000000 

vn="Variante von Android/Leadbolt.F evtl. unerwünschte Anwendung" ac=I fn="C:

\Users\Utq\Desktop\sdcard\Toolbox\backup\com.Lukas.Fast64-1.4.3-12.apk.backup"
sh=887837EF98F416D96FA525721AC5B88B6EE179D8 ft=1 fh=a37f5c05b7c3e434 

vn="Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Utq

\Downloads\Hotspot-Shield-649.exe"
sh=57B56CF9B3DEB617806B196B9D28CD1B7185D021 ft=1 fh=b5500d731a1f3dce 

vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Downloads\Firefox\Rename Master - CHIP-Installer.exe"
sh=B94CD263BB2482BA9ECD08AB61776F56F78B47F0 ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Dropbox\com.novagecko.memedroid.apk"
sh=001F7A8A1FF840BC332C9061091AE36E324E1D53 ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\Dropbox\meme.rar"
sh=37A34BD08C2A77C27A8003368B8AB87961D936AD ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\HTC SD\AndroidAssistant_appbackup\Memedroid 

3.03_108140303.apk"
sh=71377027AE6FAF3CF9BF3DE7CF6175EEE7991FD1 ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\HTC SD\AndroidAssistant_appbackup\Memedroid 

3.06_108140306.apk"
sh=061B4EA148E179B27443914D0E3FD08BDA413BED ft=0 fh=0000000000000000 

vn="Variante von Android/AdDisplay.AirPush.M evtl. unerwünschte Anwendung" ac=I 

fn="C:\Users\Utq\HTC SD\Download

\Memedroid_Apk_3.03_Android.zip"
sh=7BCBCDBDEFF0D67E6E5166698E5915856BC41618 ft=0 fh=0000000000000000 

vn="JS/Agent.NEJ Trojaner" ac=I fn="J:\$RECYCLE.BIN\S-1-5-21-2298985783-

1865795394-1006676287-1000\$RYRFIRD\Backup Set 2013-02-06 120322\Backup Files 

2013-02-06 120322\Backup files 1.zip"
sh=5EBD55BD07B7CEEDB79794558561CE739B82AEFE ft=0 fh=0000000000000000 

vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="J:\

$RECYCLE.BIN\S-1-5-21-2298985783-1865795394-1006676287-1000\$RYRFIRD\Backup Set 

2013-02-06 120322\Backup Files 2013-02-06 120322\Backup files 2.zip"
sh=194A5AA7E490C3694ACE06B15D41E75A4E41A30D ft=0 fh=0000000000000000 

vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="J:\

$RECYCLE.BIN\S-1-5-21-2953368026-3961189116-421620007-1000\$RHOTAT9\Backup Set 

2013-02-13 114204\Backup Files 2013-02-13 114558\Backup files 3.zip"
sh=63916E5E63C24E6BDA8DEFF2AB24B650A25DE0C8 ft=1 fh=807c1aa117348148 

vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="J:

\Backups\Programme\coretemp_1236.exe"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Adobe Flash Player 	16.0.0.235  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Utq (administrator) on Z5PLUS on 09-01-2015 18:44:23
Running from C:\Users\Utq\Downloads\Firefox
Loaded Profile: Utq (Available profiles: Utq & Utq2_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Shredder 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt Scheduler 6] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [ArchiCrypt SecureDZone] => [X]
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Utq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3921089224-1379259845-2437648751-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3921089224-1379259845-2437648751-1001 -> {37A80672-91A9-4362-9BF4-8D3EFB792F4E} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=320
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3921089224-1379259845-2437648751-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Utq\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\searchplugins\startpointkms.xml
FF Extension: Avira Browser Safety - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\abs@avira.com [2014-12-11]
FF Extension: Image Picker - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\ImagePicker@topolog.org [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Blank Your Monitor + Easy Reading - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\bym@savetheworld.org.xpi [2014-07-27]
FF Extension: Firebug - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\firebug@software.joehewitt.com.xpi [2014-10-29]
FF Extension: Dolphin Connect - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\jid1-79nQAfjhUybb3A@jetpack.xpi [2014-11-18]
FF Extension: Google Similar Images - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2014-06-11]
FF Extension: NoSquint - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\nosquint@urandom.ca.xpi [2014-10-19]
FF Extension: UAControl - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\uacontrol@qz.tsugumi.org.xpi [2014-10-19]
FF Extension: Quick Translator - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-01-02]
FF Extension: NoScript - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-11]
FF Extension: Adblock Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF Extension: Tab Mix Plus - C:\Users\Utq\AppData\Roaming\Mozilla\Firefox\Profiles\3qjca1yq.default-1402511594936\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-29]

Chrome: 
=======
CHR Profile: C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
CHR Extension: (Google Docs) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google-Suche) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Tabellen) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\Utq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [320600 2013-10-21] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-13] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 HPMo4DE3; C:\Windows\System32\drivers\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.) [File not signed]
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31136 2013-07-03] (REALiX(tm))
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-08-06] (Splashtop Inc.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [44656 2014-09-15] (Shaul Eizikovich)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 14:18 - 2015-01-09 14:18 - 00000493 _____ () C:\Users\Utq\Desktop\Energieoptionen - Verknüpfung.lnk
2015-01-09 13:30 - 2015-01-09 13:30 - 00001725 _____ () C:\Users\Utq\Desktop\aaa.txt
2015-01-08 21:05 - 2015-01-08 21:05 - 00001509 _____ () C:\Users\Utq\Desktop\JRT.txt
2015-01-08 21:02 - 2015-01-08 21:02 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 21:00 - 2015-01-08 21:00 - 01707939 _____ (Thisisu) C:\Users\Utq\Desktop\JRT.exe
2015-01-08 20:47 - 2015-01-08 20:52 - 00000000 ____D () C:\AdwCleaner
2015-01-08 20:12 - 2015-01-08 20:12 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 19:49 - 2015-01-08 19:49 - 00001271 _____ () C:\Users\Utq\Desktop\Revo Uninstaller.lnk
2015-01-08 19:49 - 2015-01-08 19:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-08 18:45 - 2015-01-09 18:44 - 00000000 ____D () C:\Users\Utq\Desktop\troj
2015-01-08 18:37 - 2015-01-09 18:44 - 00000000 ____D () C:\FRST
2015-01-08 18:36 - 2015-01-08 18:36 - 00000000 _____ () C:\Users\Utq\defogger_reenable
2015-01-07 18:55 - 2015-01-07 18:55 - 01317328 _____ () C:\Users\Utq\Desktop\Screenshot_2015-01-07-16-56-02.pdn
2015-01-06 09:59 - 2015-01-06 09:59 - 00000806 _____ () C:\Users\Utq2_000\Desktop\Steam.exe - Verknüpfung.lnk
2015-01-06 09:58 - 2015-01-06 09:58 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\WinRAR
2015-01-06 09:53 - 2015-01-06 09:54 - 00000000 ___DC () C:\Users\Utq2_000\AppData\Local\MigWiz
2015-01-06 09:49 - 2015-01-06 09:49 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\Highresolution Enterprises
2015-01-04 18:23 - 2015-01-04 18:23 - 00000000 ____D () C:\Users\Utq\Documents\Fax
2015-01-02 01:09 - 2015-01-02 01:12 - 00000000 ____D () C:\Users\Utq\AppData\Local\next car game technology sneak peek
2015-01-02 00:25 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-02 00:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-02 00:25 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-02 00:25 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-02 00:25 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-02 00:25 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-02 00:25 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-02 00:25 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-02 00:25 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-02 00:25 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-02 00:25 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-02 00:25 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-02 00:25 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-02 00:25 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-02 00:25 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-02 00:24 - 2015-01-02 00:25 - 00016845 _____ () C:\Windows\DirectX.log
2015-01-02 00:24 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-02 00:24 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-02 00:24 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-02 00:24 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-02 00:24 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-02 00:24 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-02 00:24 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-02 00:24 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-02 00:24 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-02 00:24 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-02 00:24 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-02 00:24 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-02 00:24 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-02 00:24 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-02 00:24 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-02 00:24 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-02 00:24 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-02 00:24 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-02 00:24 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-02 00:24 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-02 00:24 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-02 00:24 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-02 00:24 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-02 00:24 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-02 00:24 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-02 00:24 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-01 21:25 - 2015-01-01 21:25 - 00002186 _____ () C:\Users\Utq\Desktop\Avira Free Antivirus starten.lnk
2014-12-29 23:08 - 2014-12-29 23:08 - 00001073 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-28 17:49 - 2014-12-28 17:49 - 00081408 ___SH () C:\Users\Utq2_000\Desktop\Thumbs.db
2014-12-28 11:46 - 2014-12-28 11:50 - 00000000 ____D () C:\Users\Utq\Desktop\GAME OF THE YEAR 420BLAZEIT
2014-12-26 10:49 - 2014-12-26 10:49 - 00000000 ____D () C:\Users\Utq\Documents\HTC
2014-12-25 17:58 - 2014-10-08 23:39 - 01603584 _____ (BahraniApps) C:\Users\Utq\Desktop\GifCam.exe
2014-12-25 17:48 - 2014-12-25 17:48 - 00000853 _____ () C:\Users\Utq\AppData\Local\recently-used.xbel
2014-12-25 11:26 - 2015-01-08 20:10 - 00000000 ____D () C:\Users\Utq\AppData\Local\StartPoint
2014-12-25 11:26 - 2014-12-25 11:26 - 00001205 _____ () C:\Users\Utq\Desktop\Format Factory.lnk
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-25 11:26 - 2014-12-25 11:26 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-25 09:59 - 2014-12-25 09:59 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-12-21 21:35 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-12-21 21:35 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-12-21 21:35 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-12-21 21:35 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-12-21 21:32 - 2014-12-09 08:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-12-21 21:32 - 2014-12-09 08:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-12-21 21:32 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-21 21:32 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-21 19:27 - 2014-12-21 19:27 - 00000304 _____ () C:\Users\Utq\Desktop\Windows 8.1 - Nach Update auf Windows 8.1 hohe CPU-Last - Hope This Helps.URL
2014-12-21 17:20 - 2014-12-21 17:20 - 00001818 _____ () C:\Users\Utq\Desktop\Recuva.lnk
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-12-21 16:44 - 2014-12-25 19:09 - 00045568 ___SH () C:\Users\Utq\Documents\Thumbs.db
2014-12-21 09:42 - 2015-01-02 00:40 - 00000197 _____ () C:\Users\Utq\Desktop\gifoptzr.ini
2014-12-21 08:42 - 2002-06-18 13:06 - 00728576 _____ (Chemware Ltd) C:\Users\Utq\Desktop\GIFOptzr.exe
2014-12-21 08:42 - 2002-06-17 17:07 - 00001354 _____ () C:\Users\Utq\Desktop\ReadMe.txt
2014-12-19 12:25 - 2014-12-19 12:25 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\EurekaLab s.a.s
2014-12-17 21:36 - 2015-01-08 20:39 - 00975360 ___SH () C:\Users\Utq\Desktop\Thumbs.db
2014-12-17 15:40 - 2014-05-25 14:33 - 03888736 _____ () C:\Users\Utq\Desktop\GTA - Vice City v1.03.apk
2014-12-16 13:08 - 2014-12-16 13:08 - 00000000 ____D () C:\Users\Utq\AppData\Local\TGE
2014-12-16 13:07 - 2014-12-19 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
2014-12-15 14:55 - 2014-12-15 14:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 14:53 - 2014-12-15 15:12 - 00017404 _____ () C:\Windows\setupact.log
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-15 14:53 - 2014-12-15 14:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
2014-12-14 14:04 - 2014-12-14 14:04 - 00000000 ____D () C:\Program Files (x86)\Animake
2014-12-13 13:01 - 2014-12-13 13:01 - 00000000 ____D () C:\usr
2014-12-12 20:05 - 2014-12-19 12:33 - 00000000 __HDC () C:\ProgramData\{CD3330DC-8B86-4AE3-B2E4-09E56CB3E702}
2014-12-12 13:26 - 2014-12-12 14:07 - 00000000 ____D () C:\Users\Utq\Desktop\vcmod_coderhire
2014-12-12 12:53 - 2014-07-28 23:22 - 00000000 ____D () C:\Users\Utq\Desktop\httrack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:44 - 2014-09-11 18:10 - 00000000 ____D () C:\Users\Utq\Downloads\Firefox
2015-01-09 18:37 - 2013-06-28 18:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:35 - 2013-10-26 16:58 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\ClassicShell
2015-01-09 18:20 - 2014-10-26 15:09 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 18:06 - 2014-10-04 05:41 - 00000000 ____D () C:\Users\Utq\Desktop\XnView
2015-01-09 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-09 16:47 - 2013-06-20 19:48 - 01102357 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 13:23 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 13:23 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 13:23 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 13:20 - 2013-06-20 19:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1001
2015-01-09 13:17 - 2013-07-09 18:13 - 00000000 ___RD () C:\Users\Utq\Dropbox
2015-01-09 13:17 - 2013-07-09 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Dropbox
2015-01-09 13:15 - 2014-10-26 15:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 13:15 - 2013-11-29 13:37 - 00000000 ____D () C:\Users\Utq\AppData\Local\TSVNCache
2015-01-08 21:25 - 2014-04-07 19:49 - 00000000 ____D () C:\Users\Utq\AppData\Local\HTC MediaHub
2015-01-08 21:11 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 20:53 - 2014-11-29 10:21 - 00006002 _____ () C:\Windows\PFRO.log
2015-01-08 20:52 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-08 20:45 - 2014-05-06 18:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:12 - 2014-05-06 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 20:12 - 2014-05-06 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 18:36 - 2013-06-20 19:48 - 00000000 ____D () C:\Users\Utq
2015-01-06 20:25 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Local\TSVNCache
2015-01-06 10:45 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Utq2_000\AppData\Roaming\ClassicShell
2015-01-06 09:53 - 2014-10-27 12:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921089224-1379259845-2437648751-1004
2015-01-05 23:06 - 2014-05-12 15:03 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Audacity
2015-01-03 19:56 - 2014-11-08 17:20 - 00000772 _____ () C:\Users\Utq\Desktop\key.txt
2015-01-03 12:45 - 2014-01-11 12:19 - 00004524 _____ () C:\Windows\Sandboxie.ini
2015-01-01 23:44 - 2013-08-22 16:06 - 00000000 ____D () C:\Users\Utq\dwhelper
2015-01-01 23:06 - 2013-06-28 17:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 21:12 - 2013-11-05 19:45 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\vlc
2014-12-30 19:37 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\eve Updater
2014-12-30 15:20 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Utq\Downloads\cmic
2014-12-30 11:27 - 2014-10-19 16:15 - 00000308 _____ () C:\Users\Utq\Desktop\ClientRegistry.blob
2014-12-29 23:08 - 2013-11-05 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-26 18:31 - 2014-12-01 18:37 - 00001291 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-26 18:31 - 2013-07-14 12:11 - 00000000 ___RD () C:\Users\Utq\Desktop\Unterschlupf Ordner
2014-12-26 18:31 - 2013-07-05 12:37 - 00001303 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-26 18:31 - 2013-07-05 12:37 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-25 19:11 - 2014-01-10 16:54 - 00000000 ____D () C:\Users\Utq\Documents\Praktikum2014
2014-12-25 19:08 - 2013-07-29 15:24 - 00000000 ____D () C:\Users\Utq\Downloads\Old
2014-12-25 18:12 - 2013-08-07 15:04 - 00000000 ____D () C:\Users\Utq\.gimp-2.8
2014-12-25 17:48 - 2013-08-07 15:06 - 00000000 ____D () C:\Users\Utq\AppData\Local\gtk-2.0
2014-12-25 11:36 - 2014-05-16 18:30 - 61882687 _____ () C:\Users\Utq\Downloads\OBB_CarXDrift.rar
2014-12-22 18:29 - 2014-11-02 17:36 - 00000000 ____D () C:\Users\Utq\Documents\freigabe
2014-12-21 21:35 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-21 17:21 - 2014-01-17 14:35 - 00000000 ____D () C:\Program Files\Recuva
2014-12-18 16:15 - 2014-11-30 20:17 - 831323316 _____ () C:\Users\Utq\Downloads\NeuroTec Vehicles Addon Pack (300914).rar.part
2014-12-17 16:29 - 2014-10-29 20:14 - 00000578 _____ () C:\Users\Utq\Desktop\gm+.txt
2014-12-17 16:21 - 2014-09-09 13:37 - 00000558 _____ () C:\SSUUpdater.log
2014-12-17 16:13 - 2013-07-09 18:08 - 00000000 ____D () C:\Users\Utq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 20:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-15 15:03 - 2014-10-18 18:07 - 00000000 ____D () C:\Users\Utq\AppData\Local\Adobe
2014-12-15 14:55 - 2013-06-28 18:02 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 10:19 - 2014-09-15 08:07 - 00454296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 10:18 - 2013-06-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 17:57 - 2014-11-11 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 15:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Some content of TEMP:
====================
C:\Users\Utq\AppData\Local\Temp\avgnt.exe
C:\Users\Utq\AppData\Local\Temp\AviraSetup183415258.exe
C:\Users\Utq\AppData\Local\Temp\bitool.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Utq\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Utq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq6c8il.dll
C:\Users\Utq\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Utq\AppData\Local\Temp\Quarantine.exe
C:\Users\Utq\AppData\Local\Temp\sqlite3.dll
C:\Users\Utq\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Utq2_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 18:08

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 09.01.2015, 20:45   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Doppelpost, sorry

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Utq\Desktop\sdcard\meme\memedroid_3.55_109140355.apk

C:\Users\Utq\Downloads\Firefox\Rename Master - CHIP-Installer.exe

C:\Users\Utq\Dropbox\com.novagecko.memedroid.apk

C:\Users\Utq\Dropbox\meme.rar
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 22:49   #8
anderesding
 
Verdacht auf KeyLogger - Frage

Verdacht auf KeyLogger



Die App "memedroid" ist von seriöser Quelle und ich benutze sie schon sehr lange auf meinem Android Gerät. Ist's ok, wenn ich diese apk Dateien behalte?

Zitat:
DelFix entfernt u. a. alle verwendeten programme
Das macht mir Angst, was genau ist damit gemeint? Die Bereinigungsprogramme werden entfernt?
Darf ich die nicht manuell deinstallieren & entfernen?

Zitat:
Setze vor jede Funktion ein Häkchen.
  • Wiederherstellung der Systemeinstellungen?
    • Muss das sein? Ich würde gerne mein vertrautes System behalten.
  • Löschung der Wiederherstellungspunkte?
    • Möchte ich bitte auch behalten.

Alt 10.01.2015, 11:44   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Ja die kannste behalten.

Delfix entfernt nur die Bereinigungsprogramme. Die kann man nicht von Hand deinstallieren.
Zitat:
Löschung der Wiederherstellungspunkte?

Möchte ich bitte auch behalten.
Möchtest dich also gerne nochmal infizieren? Von mir aus
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 14:28   #10
anderesding
 
Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Ok gefixt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Utq at 2015-01-10 14:11:49 Run:1
Running from C:\Users\Utq\Desktop\troj
Loaded Profile: Utq (Available profiles: Utq & Utq2_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Utq\Downloads\Firefox\Rename Master - CHIP-Installer.exe
Emptytemp:

*****************

C:\Users\Utq\Downloads\Firefox\Rename Master - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 980.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:14:24 ====
         
Defogger hatte ich benutzt... werde ich wieder re-enablen.

Und was genau ist jetzt bei delfix mit
Zitat:
Wiederherstellung der Systemeinstellungen
gemeint?

Alt 10.01.2015, 14:56   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Wenn diese durch Malware verändert wurden macht Delfix das rückgängig.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.01.2015, 17:57   #12
anderesding
 
Verdacht auf KeyLogger - Blinzeln

Verdacht auf KeyLogger



Okay also sind wir jetzt fertig

Wenn ich das richtig verstanden habe soll ich mit dem CCleaner die Registry nicht säubern oder?

Andere Frage:
Ist Revo Uninstaller nur was für Malware oder darf ich das auch für andere Software benutzen, anstatt die über die Systemsteuerung zu deinstallieren?

Damit Unnötiges Zeug wirklich restlos verschwindet

Und noch was:
War das, was wir hier gemacht haben ein Komplett-System-Check oder wurde nur nach Keylogger/PUP gesucht?
Denn ich habe auch manchmal einen freezy Firefox Browser...

Geändert von anderesding (11.01.2015 um 18:04 Uhr) Grund: noch ne Frage

Alt 11.01.2015, 20:52   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Zitat:
Wenn ich das richtig verstanden habe soll ich mit dem CCleaner die Registry nicht säubern oder?
genau.
Zitat:
Ist Revo Uninstaller nur was für Malware oder darf ich das auch für andere Software benutzen, anstatt die über die Systemsteuerung zu deinstallieren?
kannste für alles nutzen.

Wir haben alles gecheckt. Für Firefox:

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.01.2015, 20:28   #14
anderesding
 
Verdacht auf KeyLogger - Daumen hoch

Verdacht auf KeyLogger



Dann mal ein fettes an dich!
Soweit wäre dann alles erledigt und Fragen fallen mir auch keine mehr ein.

Ich wünsch dir auch weiterhin viel Geduld und Erfolg bei deinen guten Taten

Alt 12.01.2015, 20:46   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Verdacht auf KeyLogger - Standard

Verdacht auf KeyLogger



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Verdacht auf KeyLogger
administrator, adobe, antivir, antivirus, avira, bluestacks, browser, cpu-last, defender, desktop, dvdvideosoft ltd., euro, explorer, flash player, format, helper, hohe cpu-last, keylogger, launch, minecraft, mozilla, opera, realtek, registry, remotecomputer, rundll, server, services.exe, svchost.exe, system, vice city, virtualbox, virus, windows, windowsapps, winlogon.exe



Ähnliche Themen: Verdacht auf KeyLogger


  1. Windows 7: Verdacht auf Keylogger
    Log-Analyse und Auswertung - 22.06.2014 (16)
  2. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 28.05.2014 (5)
  3. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 03.03.2014 (9)
  4. Verdacht auf keylogger
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (17)
  5. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 19.09.2011 (1)
  6. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 07.05.2011 (16)
  7. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 18.02.2011 (4)
  8. Verdacht auf KeyLogger
    Log-Analyse und Auswertung - 21.02.2010 (2)
  9. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 02.01.2010 (4)
  10. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 11.12.2009 (1)
  11. Keylogger Verdacht!
    Plagegeister aller Art und deren Bekämpfung - 15.09.2009 (6)
  12. Verdacht auf Trojaner/Keylogger
    Plagegeister aller Art und deren Bekämpfung - 26.05.2009 (0)
  13. Hab nen verdacht auf nen Keylogger
    Mülltonne - 04.09.2008 (0)
  14. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 10.08.2008 (1)
  15. Verdacht auf keylogger!
    Log-Analyse und Auswertung - 01.11.2007 (11)
  16. verdacht auf keylogger!
    Log-Analyse und Auswertung - 23.10.2007 (7)
  17. Verdacht auf Spyware und Keylogger etc. ?!
    Mülltonne - 20.10.2007 (0)

Zum Thema Verdacht auf KeyLogger - Hallo TB! Nachdem ich eine ausführbare Datei (leider erst nach dem öffnen) auf virustotal.com gescannt habe hat mich AegisLab mit dem Fund: "Troj.Spy.MSIL.KeyLogger" misstrauisch gemacht, sodass ich überall Angst habe - Verdacht auf KeyLogger...
Archiv
Du betrachtest: Verdacht auf KeyLogger auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.