Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Es öffnet sich immer ein P****fenster im Browser

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.02.2015, 09:41   #1
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Hallo!
In meiner Verzweiflung bin ich nun auf dieses Forum gestoßen.

Ich schildere mal mein Problem:
Bei mir öffnet sich, immer wenn ich auf Links klicke (egal welche Webseite) ein extra Fenster was auf eine P****seite weiterleitet. Ich bin definitiv auf keiner gewesen! Ich habe dann Malwarebytes laufen lassen und zwei Einträge in der Registry gefunden, die beide den DhcpNameServer ändern, auf irgendeine merkwürdige IP-Adresse. Ich dachte es liegt daran und habe dann diese gelöscht, und bin auch mit AdwCleaner drüber gegangen. Die Einträge existieren jetzt nicht mehr. Auch laut den beiden Programmen ist jetzt keine Gefahr mehr vorhanden. Trotzdem öffnet sich weiterhin öfters dieses Fenster.

Ich habe von meiner Mutter das gleiche Problem beschrieben bekommen (alle über einen Router im Heimnetzwerk) und habe deshalb auch dort nachgeschaut, dort sind solche Registry-Einträge aber nicht vorhanden. Ich habe außerdem den PC meines Bruders (gerade einmal 13) überprüft und dort waren die Werte auch angegeben.

Ich ging deshalb davon aus, dass es am Router liegen muss. Ich habe diesen zurückgesetzt und alle Einstellungen überprüft. Jetzt wird zwar nicht mehr der Dhcp-Eintrag geändert, trotzdem öffnet sich hin und wieder das Fenster. Mit keinem Programm lässt sich aber das Schadprogramm finden.

Ich hoffe, dass ich das wegbekomme, das Forum ist sozusagen meine letzte Rettung vor dem Neuaufsetzen (was katastrophal wäre weil ich keine BackUps habe )

Ich hoffe Ihr könnt mir helfen,

Karakal

Alt 02.02.2015, 10:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 02.02.2015, 10:35   #3
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Danke für die schnelle Antwort!

Hier die FRST. txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by *** (administrator) on ***-PC_HP on 02-02-2015 11:32:53
Running from C:\Users\***\Desktop
Loaded Profiles: ***************
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\Wyn\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" 
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk
ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\Wyn\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wyn\AppData\Roaming\Mozilla\Firefox\Profiles\auim9r1r.default
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4126525249-1915814395-1466209751-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Wyn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21]
FF HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-28]
CHR Extension: (Google Kalender) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-03]
CHR Extension: (Website Logon) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-02-03]
CHR Extension: (Premiumize.me) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apache2.4; C:\xampp\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 mysql; C:\xampp\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 SLPMONX; C:\WINDOWS\SysWOW64\slpservice.exe [32256 2001-10-09] (ProdEx Technologies) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] () [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [238920 2013-12-02] (Xerox Corporation)
S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-03-08] () [File not signed]
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist)
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 behringer_xuf_usb; C:\Windows\System32\Drivers\behringer_xuf_usb_x64.sys [116416 2013-06-13] (Archwave AG)
S3 behringer_xuf_usb_avs; C:\Windows\System32\Drivers\behringer_xuf_usb_avs_x64.sys [72384 2013-06-13] (Archwave AG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [459776 2006-07-31] (AVM GmbH)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2014-05-17] (Logix4u) [File not signed]
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [178944 2013-01-28] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-03-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\system32\DRIVERS\mod7700.sys [1159696 2009-07-22] (DiBcom SA)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [24208 2009-07-22] (DiBcom S.A.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 okdmx31; C:\Windows\System32\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-11-28] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-03] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-03] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-02] ()
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
S3 zlportio; \??\C:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 11:32 - 2015-02-02 11:33 - 00035892 _____ () C:\Users\Wyn\Desktop\FRST.txt
2015-02-02 11:32 - 2015-02-02 11:32 - 00000000 ____D () C:\FRST
2015-02-02 11:31 - 2015-02-02 11:32 - 02131456 _____ (Farbar) C:\Users\Wyn\Desktop\FRST64.exe
2015-02-02 00:07 - 2015-02-02 00:07 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-02-01 23:02 - 2015-02-02 00:05 - 00000000 ____D () C:\AdwCleaner
2015-02-01 22:57 - 2015-02-01 22:57 - 02194432 _____ () C:\Users\Wyn\Desktop\AdwCleaner_4.109.exe
2015-02-01 18:34 - 2015-02-02 00:22 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 18:34 - 2015-02-01 18:34 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 23:53 - 2015-01-31 23:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-31 19:30 - 2015-02-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-31 19:21 - 2015-01-31 19:21 - 00009589 _____ () C:\Users\Wyn\AppData\Local\recently-used.xbel
2015-01-24 21:02 - 2015-01-24 21:03 - 11658240 _____ () C:\Users\Wyn\Desktop\SetupAnyDVD7570.exe
2015-01-22 11:35 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-01-20 02:52 - 2015-02-02 00:06 - 00003336 _____ () C:\WINDOWS\PFRO.log
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-01-20 00:39 - 2015-01-20 00:39 - 06381120 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-18 19:21 - 2015-01-18 22:50 - 17792878 _____ () C:\Users\Wyn\Desktop\Hyper günstig einkaufen.mp4
2015-01-17 15:07 - 2015-01-20 01:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 21:29 - 2013-11-12 14:25 - 00091912 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys
2015-01-15 16:28 - 2015-01-22 12:24 - 00028089 _____ () C:\WINDOWS\DirectX.log
2015-01-15 16:27 - 2015-01-15 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-14 19:10 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:10 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:10 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:10 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:10 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:10 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:10 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:10 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:10 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:10 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieUserList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieSiteList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieBrowserModeList
2015-01-10 12:45 - 2015-01-10 12:45 - 00000000 ____D () C:\Users\Wyn\.thumbnails
2015-01-10 12:44 - 2015-01-10 13:03 - 00020480 ___SH () C:\Users\Wyn\Documents\Thumbs.db
2015-01-10 12:28 - 2015-01-31 19:21 - 00000000 ____D () C:\Users\Wyn\.gimp-2.8
2015-01-09 23:51 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-09 23:51 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-09 23:47 - 2015-01-09 23:47 - 00000000 ____D () C:\Users\Wyn\Documents\SelfMV
2015-01-09 16:03 - 2015-01-09 16:03 - 06388344 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0_win32-setup.exe
2015-01-09 15:45 - 2015-01-09 22:51 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 38940488 _____ () C:\Users\Wyn\Downloads\rv_install_V2.10.31_CB-DL-Manager [1].exe
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Program Files (x86)\Rechnungsverwalter
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\IsolatedStorage
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-07 22:09 - 2015-01-07 22:09 - 00000000 ____D () C:\Spacekace

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 11:28 - 2014-02-26 16:28 - 00000939 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-02 11:28 - 2014-02-26 16:28 - 00000753 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-02 11:27 - 2014-02-03 17:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 11:08 - 2014-05-27 10:30 - 01943449 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 10:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-02 09:45 - 2015-01-01 20:36 - 00000285 _____ () C:\WINDOWS\avmcowlan.log
2015-02-02 09:34 - 2015-01-01 20:36 - 00013365 _____ () C:\WINDOWS\setupact.log
2015-02-02 00:14 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\Wyn\Documents\Youcam
2015-02-02 00:07 - 2014-08-21 23:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 00:07 - 2014-02-03 17:15 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 00:07 - 2013-11-24 16:25 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-02-02 00:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 23:50 - 2014-02-03 17:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D926EEEF-D5BD-443A-9301-A49C67598B48}
2015-02-01 23:16 - 2014-02-03 12:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126525249-1915814395-1466209751-1002
2015-02-01 20:04 - 2014-11-01 21:23 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\.minecraft
2015-02-01 19:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 18:03 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2015-02-01 17:58 - 2014-02-03 15:27 - 00000000 ____D () C:\Users\Wyn
2015-02-01 17:56 - 2014-02-03 16:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-01 17:56 - 2014-02-03 16:04 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 17:46 - 2014-02-27 11:30 - 01697280 ___SH () C:\Users\Wyn\Desktop\Thumbs.db
2015-02-01 00:13 - 2014-04-10 20:22 - 00000000 ____D () C:\Program Files (x86)\Rise of Nations
2015-01-31 19:22 - 2014-04-30 17:03 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\FileZilla
2015-01-31 19:22 - 2014-04-30 17:02 - 00002016 _____ () C:\Users\Wyn\Desktop\FileZilla Client.lnk
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-01-31 19:21 - 2014-02-23 14:54 - 00000000 ____D () C:\Users\Wyn\AppData\Local\gtk-2.0
2015-01-31 11:40 - 2014-05-10 11:43 - 00000000 ____D () C:\Users\Wyn\Desktop\Premiumize.me
2015-01-30 20:42 - 2014-02-03 17:04 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForWyn
2015-01-30 20:42 - 2014-02-03 17:04 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForWyn.job
2015-01-30 15:16 - 2014-10-19 09:34 - 00000000 ____D () C:\Users\Wyn\Desktop\Findlingshof
2015-01-30 15:09 - 2013-11-14 08:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 15:09 - 2013-11-14 08:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-30 15:09 - 2013-11-14 08:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-29 20:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 19:31 - 2014-02-03 18:03 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Skype
2015-01-28 21:27 - 2014-03-21 22:23 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\vlc
2015-01-27 15:28 - 2014-02-03 17:16 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 19:00 - 2014-08-23 10:40 - 00000000 ____D () C:\Users\Wyn\Desktop\Bewerbung(en)
2015-01-24 21:58 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-01-24 21:20 - 2014-12-18 19:42 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 19:42 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:08 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-01-22 13:41 - 2014-02-03 19:06 - 00000000 ____D () C:\Users\Wyn\Documents\Battlefield 2
2015-01-22 13:37 - 2014-02-03 20:10 - 00000000 ____D () C:\Users\Wyn\Desktop\Abbilder DVD
2015-01-22 12:45 - 2014-02-03 17:59 - 00000000 ____D () C:\Users\Wyn\Desktop\Spiele
2015-01-22 12:31 - 2013-09-27 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-20 12:44 - 2013-11-24 16:28 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 02:52 - 2014-02-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 00:43 - 2014-02-03 18:20 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-01-20 00:43 - 2014-02-03 17:41 - 00000000 ____D () C:\Users\Wyn\Desktop\Programme
2015-01-15 21:29 - 2013-09-27 11:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-15 21:28 - 2014-02-03 13:39 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\CyberLink
2015-01-15 21:28 - 2013-11-24 16:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-01-15 16:33 - 2014-06-08 14:55 - 00000000 ____D () C:\Users\Wyn\Documents\Ubisoft
2015-01-15 15:51 - 2014-02-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-15 15:49 - 2014-09-04 12:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 14:40 - 2014-02-03 12:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 14:33 - 2014-02-03 12:32 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 16:24 - 2014-03-23 12:09 - 00000000 ____D () C:\Program Files (x86)\JavaEditor
2015-01-12 15:42 - 2014-03-10 15:32 - 00000000 ____D () C:\Users\Wyn\Desktop\Auto
2015-01-10 13:39 - 2014-10-28 21:50 - 00000000 ____D () C:\Users\Wyn\Desktop\VT
2015-01-10 00:04 - 2014-05-18 21:20 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\dvdcss
2015-01-09 23:51 - 2014-02-24 15:10 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-01-09 23:51 - 2014-02-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-09 23:51 - 2014-02-03 16:29 - 00000000 ____D () C:\Users\Wyn\AppData\Local\Downloaded Installations
2015-01-09 15:24 - 2014-02-03 18:03 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 02:27 - 2014-12-25 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java-Editor
2015-01-05 18:16 - 2014-02-03 20:12 - 00000000 ____D () C:\Users\Wyn\Desktop\Diverses

==================== Files in the root of some directories =======

2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pianos and Keyboards
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pick Bass
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pipe Organ
2014-05-17 20:07 - 2014-06-09 19:46 - 0009216 _____ () C:\Users\Wyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 19:21 - 2015-01-31 19:21 - 0009589 _____ () C:\Users\Wyn\AppData\Local\recently-used.xbel
2014-04-03 09:32 - 2014-07-28 15:23 - 0007629 _____ () C:\Users\Wyn\AppData\Local\Resmon.ResmonCfg
2014-05-18 21:36 - 2015-01-01 18:00 - 0000164 ___SH () C:\ProgramData\.zreglib
2014-02-03 18:16 - 2014-02-03 18:16 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-03 18:13 - 2015-01-24 21:58 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-03 18:13 - 2015-01-24 21:08 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plants
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\ProgramData\Plug-In Settings
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plug-Ins

Some content of TEMP:
====================
C:\Users\Wyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6apvyj.dll
C:\Users\Wyn\AppData\Local\Temp\Execute2App.exe
C:\Users\Wyn\AppData\Local\Temp\Extract.exe
C:\Users\Wyn\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Wyn\AppData\Local\Temp\msvcp90.dll
C:\Users\Wyn\AppData\Local\Temp\msvcr90.dll
C:\Users\Wyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Wyn\AppData\Local\Temp\SP69393.exe
C:\Users\Wyn\AppData\Local\Temp\sqlite3.dll
C:\Users\Wyn\AppData\Local\Temp\_is657.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 15:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


und hier die Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by *** at 2015-02-02 11:33:27
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ADAC - Die Simulation (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\ADAC - Die Simulation) (Version: 1.00.00.00 - rondomedia GmbH)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.6.0 - SlySoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
BEHRINGER X-UF USB2.0 Driver v6.13.0.0 (HKLM-x32\...\BEHRINGER X-UF USB2.0 Driver v6.13.0.0) (Version: 6.13.0.0 - BEHRINGER)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Camping Manager 2012 (HKLM-x32\...\Camping Manager 2012_is1) (Version:  - astragon)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Polizei 2013 (HKLM-x32\...\Die Polizei 2013) (Version:  - Quadriga Games)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Dropbox (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
Easy CD-DA Extractor Free 2010 (HKLM-x32\...\Easy CD-DA Extractor Free 2010) (Version: 2010.6 - Poikosoft)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-510 Series Printer Uninstall (HKLM\...\EPSON XP-510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
EZ CD Audio Converter (64-bit) (HKLM\...\EZ CD Audio Converter (64-bit)) (Version: 2.0.4 - Poikosoft)
FileZilla Client 3.10.0.2 (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation)
Free DVD Video Converter version 2.0.19.514 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.19.514 - DVDVideoSoft Ltd.)
Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.44.908 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.908 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\HPConnectedMusic) (Version: 1.1 (build 96) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7F265322-43A2-4C06-925B-F32F938B102C}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java SE Development Kit 8 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Java-Editor 12.44, 2015.01.08 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kayako Desktop (HKLM-x32\...\KayakoDesktop) (Version:  - )
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{4F9A18DC-6E29-4C2C-86B3-2C8815E2F794}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM-x32\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
MAGIX Video Pro X5 (HKLM-x32\...\MAGIX_{9624820E-108F-4854-B5A9-24EDCC24CC93}) (Version: 12.0.12.4 - MAGIX AG)
MAGIX Video Pro X5 (Version: 12.0.12.4 - MAGIX AG) Hidden
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{904C579C-9366-D3B7-7F31-4879401DBD4A}) (Version: 11.0.756.0 - Mediatek)
MergeModule_x64 (Version: 9.0.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.5.0 - Nikon)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.00.09031 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.00 - Sony Corporation) Hidden
ProTrain Perfect 2 (HKLM-x32\...\AuranTS2009_ptp2_is1) (Version:  - Auran)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Rechnungsverwalter (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Rechnungsverwalter) (Version: 2.10.31 - Temia Consulting)
RECYCLE (HKLM-x32\...\Steam App 294830) (Version:  - rondomedia GmbH)
Rise of Nations Thrones and Patriots (HKLM-x32\...\RiseofNationsExpansion 1.0) (Version:  - )
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SiudiDriver Version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Label Printer 7.1.1 R2 (HKLM-x32\...\{A9C7B9CE-229D-40DF-8152-20DC2971AB30}) (Version: 7.1.0437 - Seiko Instruments Inc.)
SmartSoft (HKLM-x32\...\{502B9298-3AA1-44F5-85B6-87B22FDC25E1}) (Version: 3.0.43 - ETC)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sounds (remove only) (HKLM-x32\...\Sounds) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SWI-Prolog (remove only) (HKLM-x32\...\SWI-Prolog) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TechniSat DVB-PC TV Star (HKLM-x32\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
Telegram Desktop version 0.6.7 (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.6.7 - Telegram Messenger LLP)
Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
Train Fever (HKLM-x32\...\Steam App 304730) (Version:  - Urban Games)
TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.9.0 - Nikon)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WORLD IN CONFLICT (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Massive Entertainment)
Xerox WC73xx Print Experience 2.0 (HKLM\...\{E6993C0F-894A-A469-65DE-5780497BC784}) (Version: 6.71.9.5 - Xerox)
XMedia Recode Version 3.2.1.2 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.2 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-01-2015 21:15:12 HPSF Applying updates
22-01-2015 11:30:47 Entfernt Battlefield 2(TM)
29-01-2015 20:40:03 Windows Update
01-02-2015 18:03:16 Installed HP CoolSense

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {004CCF78-AF97-44F5-BC5F-0F7178B7F7ED} - System32\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {04BA682F-F484-43BC-897F-12FF4DD97D93} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0734F92A-243B-49A6-B1CF-AF3410959BD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {12BDEB51-1E0F-4AF4-BF21-7AC713468D3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {14FA53B7-EF51-4720-A820-467E5D9B5E2A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {214B3A2E-0671-44D5-9797-9D16A71B719C} - System32\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {286C8333-6057-4AE8-84F6-E60D60140114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2AD6CA71-8B0C-485E-B0EB-D8258FAEF665} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {3A38C00A-E49C-44AE-86DD-E4402E510327} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {40D69630-3751-4048-9E2A-BA065C6B43FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {532F6465-4937-40C6-A940-65A976AE73BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {5EDBC442-1EAB-4176-ACC8-6F7A63CA7896} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {65E06EFA-5A0B-4D33-98E0-A6AE394A25B3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {76829B37-5459-4191-8A97-84E6C6B914CB} - System32\Tasks\{AB1BE9CE-7839-445B-B23A-72CB1323B717} => pcalua.exe -a "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\C11_PC.exe" -d "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\"
Task: {7912253C-7D3B-4DB6-A9FB-E9EC28F13D8F} - System32\Tasks\{52055EA3-B191-4C21-9779-638FF85951CA} => pcalua.exe -a "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\C11_PC.exe" -d "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\"
Task: {7B1A8055-977B-48B1-83A5-2131A4E3DD9A} - System32\Tasks\Xerox WC73xx Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\wc73xx\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {7EDD5BA2-550E-45BD-B2E0-5E3DD9653C5C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {80F1CD03-074E-42D8-8ABF-A18ADDE2B3CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {92E965A0-1A27-4F49-8394-C1818B88C526} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {A3C03853-F286-42E0-9BFE-BC3DAE7E23DA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {A624BB8C-198C-4B34-AC53-F9DDDDCFF5CB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B4EB2765-75FC-4A71-BAEC-5E7C45BD5372} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BD09DC6F-87D1-479C-8473-633BE113DCBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C4FABA0C-4C4E-4413-9B89-B6BAD43E6D85} - System32\Tasks\HPCeeScheduleForWyn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C8E526AE-7298-4ED9-8F46-ED9C1A8128A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D0C98667-2646-4102-A2DE-A25150CD4731} - System32\Tasks\Xerox WC73xx Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\wc73xx\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {E03582CD-A6A7-4D14-BAB9-E39A8E3E1443} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForWyn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-10-27 09:03 - 2014-12-13 11:08 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-03 15:22 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-19 14:21 - 2013-03-19 14:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-09-30 01:51 - 2014-09-30 01:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-10-27 09:03 - 2014-12-13 11:08 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2013-11-24 16:11 - 2013-02-16 01:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:7BEAD6C2
AlternateDataStreams: C:\ProgramData\Temp:98353363

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TMMonitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Behringer X-UF USB Control Panel.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SmartCapture.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Nach Updates suchen.lnk"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "TrayServer"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "LibreOffice 4.2.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Kies3PDLR.exe"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Power2GoExpress8"

========================= Accounts: ==========================

Administrator (S-1-5-21-4126525249-1915814395-1466209751-500 - Administrator - Disabled)
Gast (S-1-5-21-4126525249-1915814395-1466209751-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4126525249-1915814395-1466209751-1010 - Limited - Enabled)
Papa (S-1-5-21-4126525249-1915814395-1466209751-1008 - Limited - Enabled) => C:\Users\Papa
Wyn (S-1-5-21-4126525249-1915814395-1466209751-1002 - Administrator - Enabled) => C:\Users\Wyn

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 11:05:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "eacdll.sxs,type="win32",version="2.1.8.0"1".
Die abhängige Assemblierung "eacdll.sxs,type="win32",version="2.1.8.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/02/2015 09:45:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/02/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/02/2015 00:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: slpmonx.exe, Version: 0.2.0.220, Zeitstempel: 0x39904489
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x52158ff5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e1ef
ID des fehlerhaften Prozesses: 0x8e4
Startzeit der fehlerhaften Anwendung: 0xslpmonx.exe0
Pfad der fehlerhaften Anwendung: slpmonx.exe1
Pfad des fehlerhaften Moduls: slpmonx.exe2
Berichtskennung: slpmonx.exe3
Vollständiger Name des fehlerhaften Pakets: slpmonx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: slpmonx.exe5

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'

For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/02/2015 00:06:59 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Syntax error on line 37 of C:/xampp/xampp/apache/conf/httpd.conf: ServerRoot must be a valid directory     .

Error: (02/01/2015 11:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: slpmonx.exe, Version: 0.2.0.220, Zeitstempel: 0x39904489
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x52158ff5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e1ef
ID des fehlerhaften Prozesses: 0xb64
Startzeit der fehlerhaften Anwendung: 0xslpmonx.exe0
Pfad der fehlerhaften Anwendung: slpmonx.exe1
Pfad des fehlerhaften Moduls: slpmonx.exe2
Berichtskennung: slpmonx.exe3
Vollständiger Name des fehlerhaften Pakets: slpmonx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: slpmonx.exe5

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'

For more information, see Help and Support Center at hxxp://www.mysql.com.


System errors:
=============
Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.ZuneMusic

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: SymantecCorporation.NortonStudio

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.XboxLIVEGames

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingWeather

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingFinance

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingSports

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsScan

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsAlarms

Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.HelpAndTips


Microsoft Office Sessions:
=========================
Error: (02/02/2015 11:05:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: eacdll.sxs,type="win32",version="2.1.8.0"c:\Users\Wyn\AppData\Local\hpconnectedmusic\application\100100096\HPConnectedMusic.exe

Error: (02/02/2015 09:45:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (02/02/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (02/02/2015 00:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: slpmonx.exe0.2.0.22039904489msvcrt.dll7.0.9600.1638452158ff5c00000050000e1ef8e401d03e73cb5bf697C:\WINDOWS\SysWOW64\slpmonx.exeC:\WINDOWS\SYSTEM32\msvcrt.dll0f9fe619-aa67-11e4-bed0-3423873bf9ca

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'

Error: (02/02/2015 00:06:59 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Syntax error on line 37 of C:/xampp/xampp/apache/conf/httpd.conf: ServerRoot must be a valid directory

Error: (02/01/2015 11:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: slpmonx.exe0.2.0.22039904489msvcrt.dll7.0.9600.1638452158ff5c00000050000e1efb6401d03e7034871ff8C:\WINDOWS\SysWOW64\slpmonx.exeC:\WINDOWS\SYSTEM32\msvcrt.dll7c86dca0-aa63-11e4-becf-3423873bf9ca

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'


CodeIntegrity Errors:
===================================
  Date: 2015-02-02 00:06:59.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-02 00:06:59.598
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-02 00:06:32.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 23:41:02.477
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 23:41:00.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 23:40:08.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 19:56:18.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 19:56:18.374
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 19:55:48.434
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-01 18:07:46.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 22%
Total physical RAM: 12220.02 MB
Available physical RAM: 9446.55 MB
Total Pagefile: 14076.02 MB
Available Pagefile: 10315.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:909.97 GB) (Free:451.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.08 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 02.02.2015, 16:41   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.02.2015, 18:42   #5
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Hallo,

hier der Scan von Malwarebytes:
mbam.txt:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.02.2015
Suchlauf-Zeit: 17:47:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.02.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 508186
Verstrichene Zeit: 40 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
hier der Scan von AdwCleaner:

AdwCleaner.txt:

Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 18:47:14
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : ********
# Gestartet von : C:\Users\*****\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [3293 octets] - [01/02/2015 23:02:43]
AdwCleaner[R1].txt - [966 octets] - [02/02/2015 00:01:56]
AdwCleaner[R2].txt - [1027 octets] - [02/02/2015 18:44:27]
AdwCleaner[S0].txt - [3203 octets] - [01/02/2015 23:05:56]
AdwCleaner[S1].txt - [1026 octets] - [02/02/2015 00:05:36]
AdwCleaner[S2].txt - [950 octets] - [02/02/2015 18:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1009 octets] ##########
         

und hier der Scan mit JRT:

JRT.txt:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by ******** on 02.02.2015 at 18:54:29,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2015 at 19:08:15,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Danke!

Hab noch die FRST vergessen:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by ******* (administrator) on ****** on 02-02-2015 19:36:30
Running from C:\Users\*****\Desktop
Loaded Profiles: ***********
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\Wyn\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" 
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk
ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\Wyn\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wyn\AppData\Roaming\Mozilla\Firefox\Profiles\auim9r1r.default
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4126525249-1915814395-1466209751-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Wyn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21]
FF HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-28]
CHR Extension: (Google Kalender) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-03]
CHR Extension: (Website Logon) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-02-03]
CHR Extension: (Premiumize.me) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apache2.4; C:\xampp\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 mysql; C:\xampp\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 SLPMONX; C:\WINDOWS\SysWOW64\slpservice.exe [32256 2001-10-09] (ProdEx Technologies) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] () [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [238920 2013-12-02] (Xerox Corporation)
S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-03-08] () [File not signed]
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist)
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 behringer_xuf_usb; C:\Windows\System32\Drivers\behringer_xuf_usb_x64.sys [116416 2013-06-13] (Archwave AG)
S3 behringer_xuf_usb_avs; C:\Windows\System32\Drivers\behringer_xuf_usb_avs_x64.sys [72384 2013-06-13] (Archwave AG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [459776 2006-07-31] (AVM GmbH)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2014-05-17] (Logix4u) [File not signed]
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [178944 2013-01-28] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-03-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\system32\DRIVERS\mod7700.sys [1159696 2009-07-22] (DiBcom SA)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [24208 2009-07-22] (DiBcom S.A.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 okdmx31; C:\Windows\System32\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-11-28] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-03] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-03] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-02] ()
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
S3 zlportio; \??\C:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 19:36 - 2015-02-02 19:36 - 00035743 _____ () C:\Users\***\Desktop\FRST.txt
2015-02-02 19:08 - 2015-02-02 19:23 - 00000674 _____ () C:\Users\***\Desktop\JRT.txt
2015-02-02 18:52 - 2015-02-02 18:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-02-02 18:51 - 2015-02-02 18:51 - 00001084 _____ () C:\Users\***\Desktop\AdwCleaner.txt
2015-02-02 18:49 - 2015-02-02 18:49 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-02-02 18:43 - 2015-02-02 18:43 - 01707939 _____ (Thisisu) C:\Users\Wyn\Desktop\JRT.exe
2015-02-02 18:41 - 2015-02-02 18:42 - 00001186 _____ () C:\Users\***\Desktop\mbam.txt
2015-02-02 15:14 - 2015-02-02 15:19 - 315521024 _____ () C:\Users\***\Desktop\kav_rescue_10.iso
2015-02-02 11:32 - 2015-02-02 19:36 - 00000000 ____D () C:\FRST
2015-02-02 11:31 - 2015-02-02 11:32 - 02131456 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-02-01 23:02 - 2015-02-02 18:47 - 00000000 ____D () C:\AdwCleaner
2015-02-01 22:57 - 2015-02-01 22:57 - 02194432 _____ () C:\Users\***\Desktop\AdwCleaner_4.109.exe
2015-02-01 18:34 - 2015-02-02 18:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 18:34 - 2015-02-01 18:34 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 23:53 - 2015-01-31 23:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-31 19:30 - 2015-02-02 18:50 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-31 19:21 - 2015-01-31 19:21 - 00009589 _____ () C:\Users\***\AppData\Local\recently-used.xbel
2015-01-24 21:02 - 2015-01-24 21:03 - 11658240 _____ () C:\Users\***\Desktop\SetupAnyDVD7570.exe
2015-01-22 11:35 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-01-20 02:52 - 2015-02-02 18:48 - 00003872 _____ () C:\WINDOWS\PFRO.log
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-01-20 00:39 - 2015-01-20 00:39 - 06381120 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-18 19:21 - 2015-01-18 22:50 - 17792878 _____ () C:\Users\***\Desktop\Hyper günstig einkaufen.mp4
2015-01-17 15:07 - 2015-01-20 01:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 21:29 - 2013-11-12 14:25 - 00091912 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys
2015-01-15 16:28 - 2015-01-22 12:24 - 00028089 _____ () C:\WINDOWS\DirectX.log
2015-01-15 16:27 - 2015-01-15 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-14 19:10 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:10 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:10 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:10 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:10 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:10 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:10 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:10 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:10 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:10 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieUserList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieSiteList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieBrowserModeList
2015-01-10 12:45 - 2015-01-10 12:45 - 00000000 ____D () C:\Users\***\.thumbnails
2015-01-10 12:44 - 2015-01-10 13:03 - 00020480 ___SH () C:\Users\***\Documents\Thumbs.db
2015-01-10 12:28 - 2015-01-31 19:21 - 00000000 ____D () C:\Users\***\.gimp-2.8
2015-01-09 23:51 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-09 23:51 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-09 23:47 - 2015-01-09 23:47 - 00000000 ____D () C:\Users\***\Documents\SelfMV
2015-01-09 16:03 - 2015-01-09 16:03 - 06388344 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0_win32-setup.exe
2015-01-09 15:45 - 2015-01-09 22:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 38940488 _____ () C:\Users\***\Downloads\rv_install_V2.10.31_CB-DL-Manager [1].exe
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Program Files (x86)\Rechnungsverwalter
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\IsolatedStorage
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-07 22:09 - 2015-01-07 22:09 - 00000000 ____D () C:\Spacekace

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 19:36 - 2014-05-27 10:30 - 01151060 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 19:28 - 2014-02-26 16:28 - 00000939 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-02 19:28 - 2014-02-26 16:28 - 00000753 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-02 19:27 - 2014-02-03 17:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-02 19:04 - 2014-08-21 23:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 18:56 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\***\Documents\Youcam
2015-02-02 18:55 - 2015-01-01 20:36 - 00000285 _____ () C:\WINDOWS\avmcowlan.log
2015-02-02 18:49 - 2015-01-01 20:36 - 00013673 _____ () C:\WINDOWS\setupact.log
2015-02-02 18:49 - 2014-02-03 17:15 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 18:49 - 2013-11-24 16:25 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-02-02 18:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-02 17:13 - 2014-03-21 22:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2015-02-02 16:11 - 2014-11-01 21:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\.minecraft
2015-02-01 23:50 - 2014-02-03 17:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D926EEEF-D5BD-443A-9301-A49C67598B48}
2015-02-01 23:16 - 2014-02-03 12:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126525249-1915814395-1466209751-1002
2015-02-01 19:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 18:03 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2015-02-01 17:58 - 2014-02-03 15:27 - 00000000 ____D () C:\Users\***
2015-02-01 17:56 - 2014-02-03 16:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-01 17:56 - 2014-02-03 16:04 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 17:46 - 2014-02-27 11:30 - 01697280 ___SH () C:\Users\***\Desktop\Thumbs.db
2015-02-01 00:13 - 2014-04-10 20:22 - 00000000 ____D () C:\Program Files (x86)\Rise of Nations
2015-01-31 19:22 - 2014-04-30 17:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\FileZilla
2015-01-31 19:22 - 2014-04-30 17:02 - 00002016 _____ () C:\Users\***\Desktop\FileZilla Client.lnk
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-01-31 19:21 - 2014-02-23 14:54 - 00000000 ____D () C:\Users\***\AppData\Local\gtk-2.0
2015-01-31 11:40 - 2014-05-10 11:43 - 00000000 ____D () C:\Users\***\Desktop\Premiumize.me
2015-01-30 20:42 - 2014-02-03 17:04 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForWyn
2015-01-30 20:42 - 2014-02-03 17:04 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForWyn.job
2015-01-30 15:16 - 2014-10-19 09:34 - 00000000 ____D () C:\Users\***\Desktop\Findlingshof
2015-01-30 15:09 - 2013-11-14 08:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 15:09 - 2013-11-14 08:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-30 15:09 - 2013-11-14 08:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-29 20:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 19:31 - 2014-02-03 18:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2015-01-27 15:28 - 2014-02-03 17:16 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 19:00 - 2014-08-23 10:40 - 00000000 ____D () C:\Users\***\Desktop\Bewerbung(en)
2015-01-24 21:58 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-01-24 21:20 - 2014-12-18 19:42 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 19:42 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:08 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-01-22 13:41 - 2014-02-03 19:06 - 00000000 ____D () C:\Users\***\Documents\Battlefield 2
2015-01-22 13:37 - 2014-02-03 20:10 - 00000000 ____D () C:\Users\***\Desktop\Abbilder DVD
2015-01-22 12:45 - 2014-02-03 17:59 - 00000000 ____D () C:\Users\***\Desktop\Spiele
2015-01-22 12:31 - 2013-09-27 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-20 12:44 - 2013-11-24 16:28 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 02:52 - 2014-02-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 00:43 - 2014-02-03 18:20 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-01-20 00:43 - 2014-02-03 17:41 - 00000000 ____D () C:\Users\***\Desktop\Programme
2015-01-15 21:29 - 2013-09-27 11:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-15 21:28 - 2014-02-03 13:39 - 00000000 ____D () C:\Users\***\AppData\Roaming\CyberLink
2015-01-15 21:28 - 2013-11-24 16:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-01-15 16:33 - 2014-06-08 14:55 - 00000000 ____D () C:\Users\***\Documents\Ubisoft
2015-01-15 15:51 - 2014-02-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-15 15:49 - 2014-09-04 12:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 14:40 - 2014-02-03 12:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 14:33 - 2014-02-03 12:32 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 16:24 - 2014-03-23 12:09 - 00000000 ____D () C:\Program Files (x86)\JavaEditor
2015-01-12 15:42 - 2014-03-10 15:32 - 00000000 ____D () C:\Users\***\Desktop\Auto
2015-01-10 13:39 - 2014-10-28 21:50 - 00000000 ____D () C:\Users\***\Desktop\VT
2015-01-10 00:04 - 2014-05-18 21:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2015-01-09 23:51 - 2014-02-24 15:10 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-01-09 23:51 - 2014-02-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-09 23:51 - 2014-02-03 16:29 - 00000000 ____D () C:\Users\***\AppData\Local\Downloaded Installations
2015-01-09 15:24 - 2014-02-03 18:03 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 02:27 - 2014-12-25 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java-Editor
2015-01-05 18:16 - 2014-02-03 20:12 - 00000000 ____D () C:\Users\***\Desktop\Diverses

==================== Files in the root of some directories =======

2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pianos and Keyboards
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pick Bass
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pipe Organ
2014-05-17 20:07 - 2014-06-09 19:46 - 0009216 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 19:21 - 2015-01-31 19:21 - 0009589 _____ () C:\Users\***\AppData\Local\recently-used.xbel
2014-04-03 09:32 - 2014-07-28 15:23 - 0007629 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg
2014-05-18 21:36 - 2015-01-01 18:00 - 0000164 ___SH () C:\ProgramData\.zreglib
2014-02-03 18:16 - 2014-02-03 18:16 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-03 18:13 - 2015-01-24 21:58 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-03 18:13 - 2015-01-24 21:08 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plants
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\ProgramData\Plug-In Settings
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plug-Ins

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6apvyj.dll
C:\Users\***\AppData\Local\Temp\Execute2App.exe
C:\Users\***\AppData\Local\Temp\Extract.exe
C:\Users\***\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\***\AppData\Local\Temp\msvcp90.dll
C:\Users\***\AppData\Local\Temp\msvcr90.dll
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\SP69393.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll
C:\Users\***\AppData\Local\Temp\_is657.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 15:52

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 03.02.2015, 06:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Es öffnet sich immer ein P****fenster im Browser

Alt 03.02.2015, 13:48   #7
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Hi,
ich führe alles durch, der Eset-Scan hat auch was gefunden, aber der löscht das ja nicht, da in den Einstellungen das Häkchen deaktiviert ist, ist das so richtig?

Gruß!

Alt 03.02.2015, 18:18   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Korrekt, einfach das Log mit den Funden posten, ich lösche das dann nachdem ich es gesehen habe
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.02.2015, 19:33   #9
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Hi,
hier also die Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by ****** at 2015-02-03 10:01:57 Run:1
Running from C:\Users\******\Desktop
Loaded Profiles: ***********
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
Emptytemp:
*****************

HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:02:57 ====
         
hier die EsetScan-Datei:
Code:
ATTFilter
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a5408bfbb3c02469e65436532850c7f
# engine=22281
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 01:43:08
# local_time=2015-02-03 02:43:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 20285 27047270 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6540068 47852281 0 0
# scanned=508887
# found=6
# cleaned=0
# scan_time=15103
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe"
sh=E0C81E71653693E22D517A08C1F85E0A70E2EF06 ft=1 fh=a88c0ff6a9b10e9b vn="Win32/SmartFileAdvisor.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe"
         
Hier die Security-Check-Datei:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware         
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java SE Development Kit 8 
 Java-Editor 12.44, 2015.01.08   
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
und dann die frische FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by ***** (administrator) on***** on 03-02-2015 20:22:12
Running from C:\Users\******\Desktop
Loaded Profiles: **********
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNLRE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\***\Desktop\SecurityCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\***\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" 
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk
ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\***\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\auim9r1r.default
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4126525249-1915814395-1466209751-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21]
FF HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-28]
CHR Extension: (Google Kalender) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-03]
CHR Extension: (Website Logon) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-02-03]
CHR Extension: (Premiumize.me) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apache2.4; C:\xampp\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed]
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 mysql; C:\xampp\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 SLPMONX; C:\WINDOWS\SysWOW64\slpservice.exe [32256 2001-10-09] (ProdEx Technologies) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] () [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [238920 2013-12-02] (Xerox Corporation)
S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-03-08] () [File not signed]
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist)
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 behringer_xuf_usb; C:\Windows\System32\Drivers\behringer_xuf_usb_x64.sys [116416 2013-06-13] (Archwave AG)
S3 behringer_xuf_usb_avs; C:\Windows\System32\Drivers\behringer_xuf_usb_avs_x64.sys [72384 2013-06-13] (Archwave AG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [459776 2006-07-31] (AVM GmbH)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2014-05-17] (Logix4u) [File not signed]
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [178944 2013-01-28] (ITE                      )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-03-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\system32\DRIVERS\mod7700.sys [1159696 2009-07-22] (DiBcom SA)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [24208 2009-07-22] (DiBcom S.A.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 okdmx31; C:\Windows\System32\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed]
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-11-28] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-03] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-03] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-03] ()
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
S3 zlportio; \??\C:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:22 - 2015-02-03 20:22 - 00036171 _____ () C:\Users\***\Desktop\FRST.txt
2015-02-03 18:41 - 2015-02-03 18:48 - 00000000 ____D () C:\Users\***\Desktop\minecrafti_3127
2015-02-03 18:21 - 2015-02-03 18:21 - 02307793 _____ () C:\Users\***\Desktop\Wald6.jpeg
2015-02-03 17:27 - 2015-02-03 17:27 - 00001326 _____ () C:\Users\***\Desktop\checkup.txt
2015-02-03 14:54 - 2015-02-03 14:54 - 00852573 _____ () C:\Users\***\Desktop\SecurityCheck.exe
2015-02-03 10:10 - 2015-02-03 10:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 10:09 - 2015-02-03 10:10 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_deu.exe
2015-02-03 10:05 - 2015-02-03 10:05 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-02-02 18:52 - 2015-02-02 18:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-02-02 18:43 - 2015-02-02 18:43 - 01707939 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2015-02-02 15:14 - 2015-02-02 15:19 - 315521024 _____ () C:\Users\***\Desktop\kav_rescue_10.iso
2015-02-02 11:32 - 2015-02-03 20:22 - 00000000 ____D () C:\FRST
2015-02-02 11:31 - 2015-02-02 11:32 - 02131456 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-02-01 23:02 - 2015-02-02 18:47 - 00000000 ____D () C:\AdwCleaner
2015-02-01 22:57 - 2015-02-01 22:57 - 02194432 _____ () C:\Users\***\Desktop\AdwCleaner_4.109.exe
2015-02-01 18:34 - 2015-02-03 19:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 18:34 - 2015-02-01 18:34 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 18:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 18:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 23:53 - 2015-01-31 23:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-31 19:30 - 2015-02-03 19:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-31 19:21 - 2015-01-31 19:21 - 00009589 _____ () C:\Users\***\AppData\Local\recently-used.xbel
2015-01-24 21:02 - 2015-01-24 21:03 - 11658240 _____ () C:\Users\***\Desktop\SetupAnyDVD7570.exe
2015-01-22 11:35 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-01-20 02:52 - 2015-02-03 10:04 - 00004200 _____ () C:\WINDOWS\PFRO.log
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-01-20 00:39 - 2015-01-20 00:39 - 06381120 _____ (Tim Kosse) C:\Users\***\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-18 19:21 - 2015-01-18 22:50 - 17792878 _____ () C:\Users\***\Desktop\Hyper günstig einkaufen.mp4
2015-01-17 15:07 - 2015-01-20 01:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-15 21:29 - 2013-11-12 14:25 - 00091912 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys
2015-01-15 16:28 - 2015-01-22 12:24 - 00028089 _____ () C:\WINDOWS\DirectX.log
2015-01-15 16:27 - 2015-01-15 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-14 19:10 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 19:10 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 19:10 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 19:10 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 19:10 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 19:10 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 19:10 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 19:10 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 19:10 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 19:10 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 19:10 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 19:10 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 19:10 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 19:10 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 19:10 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 19:10 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 19:10 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieUserList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieSiteList
2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieBrowserModeList
2015-01-10 12:45 - 2015-01-10 12:45 - 00000000 ____D () C:\Users\***\.thumbnails
2015-01-10 12:44 - 2015-01-10 13:03 - 00020480 ___SH () C:\Users\***\Documents\Thumbs.db
2015-01-10 12:28 - 2015-01-31 19:21 - 00000000 ____D () C:\Users\***\.gimp-2.8
2015-01-09 23:51 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-09 23:51 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-09 23:47 - 2015-01-09 23:47 - 00000000 ____D () C:\Users\***\Documents\SelfMV
2015-01-09 16:03 - 2015-01-09 16:03 - 06388344 _____ (Tim Kosse) C:\Users\***\Downloads\FileZilla_3.10.0_win32-setup.exe
2015-01-09 15:45 - 2015-01-09 22:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 38940488 _____ () C:\Users\***\Downloads\rv_install_V2.10.31_CB-DL-Manager [1].exe
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechnungsverwalter
2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Program Files (x86)\Rechnungsverwalter
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\Users\***\AppData\Roaming\IsolatedStorage
2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-07 22:09 - 2015-01-07 22:09 - 00000000 ____D () C:\Spacekace

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:20 - 2014-11-01 21:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\.minecraft
2015-02-03 20:18 - 2014-04-30 17:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\FileZilla
2015-02-03 20:07 - 2014-05-27 10:30 - 01403129 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-03 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-03 19:28 - 2014-02-26 16:28 - 00000939 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-03 19:28 - 2014-02-26 16:28 - 00000753 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job
2015-02-03 19:27 - 2014-02-03 17:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 19:07 - 2014-02-03 17:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D926EEEF-D5BD-443A-9301-A49C67598B48}
2015-02-03 18:49 - 2014-02-03 12:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126525249-1915814395-1466209751-1002
2015-02-03 18:21 - 2014-02-27 11:30 - 01847296 ___SH () C:\Users\***\Desktop\Thumbs.db
2015-02-03 17:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-03 17:37 - 2015-01-01 20:36 - 00000285 _____ () C:\WINDOWS\avmcowlan.log
2015-02-03 17:26 - 2015-01-01 20:36 - 00014597 _____ () C:\WINDOWS\setupact.log
2015-02-03 15:29 - 2014-02-03 17:16 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 10:20 - 2014-08-21 23:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-03 10:16 - 2013-11-14 08:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 10:16 - 2013-11-14 08:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-03 10:16 - 2013-11-14 08:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-03 10:13 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\***\Documents\Youcam
2015-02-03 10:05 - 2014-02-03 17:15 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 10:05 - 2013-11-24 16:25 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-02-03 10:04 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 10:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-02 17:13 - 2014-03-21 22:23 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2015-02-01 18:03 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2015-02-01 17:58 - 2014-02-03 15:27 - 00000000 ____D () C:\Users\***
2015-02-01 17:56 - 2014-02-03 16:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-01 17:56 - 2014-02-03 16:04 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 00:13 - 2014-04-10 20:22 - 00000000 ____D () C:\Program Files (x86)\Rise of Nations
2015-01-31 19:22 - 2014-04-30 17:02 - 00002016 _____ () C:\Users\***\Desktop\FileZilla Client.lnk
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-01-31 19:21 - 2014-02-23 14:54 - 00000000 ____D () C:\Users\***\AppData\Local\gtk-2.0
2015-01-31 11:40 - 2014-05-10 11:43 - 00000000 ____D () C:\Users\***\Desktop\Premiumize.me
2015-01-30 20:42 - 2014-02-03 17:04 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor***
2015-01-30 20:42 - 2014-02-03 17:04 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor***.job
2015-01-30 15:16 - 2014-10-19 09:34 - 00000000 ____D () C:\Users\***\Desktop\Findlingshof
2015-01-29 20:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 19:31 - 2014-02-03 18:03 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2015-01-26 19:00 - 2014-08-23 10:40 - 00000000 ____D () C:\Users\***\Desktop\Bewerbung(en)
2015-01-24 21:58 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-01-24 21:20 - 2014-12-18 19:42 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 19:42 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:08 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-01-22 13:41 - 2014-02-03 19:06 - 00000000 ____D () C:\Users\***\Documents\Battlefield 2
2015-01-22 13:37 - 2014-02-03 20:10 - 00000000 ____D () C:\Users\***\Desktop\Abbilder DVD
2015-01-22 12:45 - 2014-02-03 17:59 - 00000000 ____D () C:\Users\***\Desktop\Spiele
2015-01-22 12:31 - 2013-09-27 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-20 12:44 - 2013-11-24 16:28 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 02:52 - 2014-02-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 00:43 - 2014-02-03 18:20 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-01-20 00:43 - 2014-02-03 17:41 - 00000000 ____D () C:\Users\***\Desktop\Programme
2015-01-15 21:29 - 2013-09-27 11:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-15 21:28 - 2014-02-03 13:39 - 00000000 ____D () C:\Users\***\AppData\Roaming\CyberLink
2015-01-15 21:28 - 2013-11-24 16:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-01-15 16:33 - 2014-06-08 14:55 - 00000000 ____D () C:\Users\***\Documents\Ubisoft
2015-01-15 15:51 - 2014-02-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-15 15:49 - 2014-09-04 12:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 14:40 - 2014-02-03 12:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 14:33 - 2014-02-03 12:32 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 16:24 - 2014-03-23 12:09 - 00000000 ____D () C:\Program Files (x86)\JavaEditor
2015-01-12 15:42 - 2014-03-10 15:32 - 00000000 ____D () C:\Users\***\Desktop\Auto
2015-01-10 13:39 - 2014-10-28 21:50 - 00000000 ____D () C:\Users\***\Desktop\VT
2015-01-10 00:04 - 2014-05-18 21:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2015-01-09 23:51 - 2014-02-24 15:10 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-01-09 23:51 - 2014-02-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-09 23:51 - 2014-02-03 16:29 - 00000000 ____D () C:\Users\***\AppData\Local\Downloaded Installations
2015-01-09 15:24 - 2014-02-03 18:03 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 02:27 - 2014-12-25 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java-Editor
2015-01-05 18:16 - 2014-02-03 20:12 - 00000000 ____D () C:\Users\***\Desktop\Diverses

==================== Files in the root of some directories =======

2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pianos and Keyboards
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pick Bass
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\***\AppData\Roaming\Pipe Organ
2014-05-17 20:07 - 2014-06-09 19:46 - 0009216 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 19:21 - 2015-01-31 19:21 - 0009589 _____ () C:\Users\***\AppData\Local\recently-used.xbel
2014-04-03 09:32 - 2014-07-28 15:23 - 0007629 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg
2014-05-18 21:36 - 2015-01-01 18:00 - 0000164 ___SH () C:\ProgramData\.zreglib
2014-02-03 18:16 - 2014-02-03 18:16 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-03 18:13 - 2015-01-24 21:58 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-03 18:13 - 2015-01-24 21:08 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plants
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\ProgramData\Plug-In Settings
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plug-Ins

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 15:52

==================== End Of Log ============================
         
--- --- ---


Das Problem trat momentan nicht mehr auf, manchmal trat das aber nur selten auf, ich würde einfach mal ein bisschen abwarten...

Ansonsten schon einmal vielen Dank!
Falls es nicht zu viel ausmacht, würdest Du mir noch erklären was Du genau gemacht hast?
Ein bisschen kann ich Quelltext und Logs auch lesen, ich habe jetzt eigtl. nur verstanden, dass Du die temporären Dateien gelöscht hast und eine Windows-Datei überschrieben, ist das richtig?

Ich starte bald auch eine Ausbildung zum Fachinformatiker, deshalb interessiert mich sowas...

Danke nocheinmal und das Forum wird von mir auf jeden Fall empfohlen, egal wie das Ergebnis sein sollte!

P.S. meinen Benutzernamen habe ich so gründlich wie möglich entfernt, ist natürlich nur dafür, dass nicht jeder den sieht... Falls Du den für Pfadangaben brauchst, schicke ich ihn dir per PN...

Alt 04.02.2015, 17:45   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Java und Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe

C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe

C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe

C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe

C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe

C:\Users\***\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Wir haben im Großen und Ganzen nur Adware entfernt. TEste mal und berichte wieder
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.02.2015, 13:24   #11
Karakal15
 
Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Hi,
hab die Pfade ersetzt durch meinen Username, daher nun folgendes Ergebnis in der Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by **** at 2015-02-04 18:55:37 Run:3
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available profiles: **** & Papa & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe

C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe

C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe

C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe

C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe

C:\Users\****\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe
*****************

C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe => Moved successfully.
C:\Users\****\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe => Moved successfully.

==== End of Fixlog 18:55:38 ====
         

Bis jetzt ist das Problem übrigens nicht mehr aufgetaucht, ich hoffe das bleibt auch so, aber vielen Dank!

Gruß!

Alt 05.02.2015, 14:01   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Es öffnet sich immer ein P****fenster im Browser - Standard

Es öffnet sich immer ein P****fenster im Browser



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Es öffnet sich immer ein P****fenster im Browser
backups, browser, einstellungen, einträge, fenster, forum, gefahr, gelöscht, geändert, hoffe, klicke, laufen, links, malwarebytes, merkwürdige, neuaufsetzen, problem, programme, programmen, registry, router, webseite, wegbekomme, werte, ändern, öffnet



Ähnliche Themen: Es öffnet sich immer ein P****fenster im Browser


  1. Windows 8 - schwarzes Fenster öffnet sich immer wieder kurz sobald ich im Internet bin
    Log-Analyse und Auswertung - 18.09.2015 (5)
  2. Chrome öffnet sich von alleine und öffnet dann Popup Fenster
    Log-Analyse und Auswertung - 08.03.2015 (11)
  3. Browser mit ADs verseucht + immer neue Fenster
    Log-Analyse und Auswertung - 22.01.2015 (7)
  4. Chrome Browser öffnet fenster
    Log-Analyse und Auswertung - 06.01.2015 (33)
  5. Browser öffnet ständig leere Fenster
    Plagegeister aller Art und deren Bekämpfung - 28.06.2014 (21)
  6. Beim surfen öffnet sich immer ein leeres Fenster! Hab ich ein Trojaner auf meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 24.12.2013 (12)
  7. Windows 7, bei Firefox öffnet sich ab und an graues Fenster und bei geschlossenem browser kommt die website von Survey Monkey Powered Online
    Log-Analyse und Auswertung - 21.11.2013 (9)
  8. Browser öffnet Fenster im Hintergrund
    Log-Analyse und Auswertung - 27.06.2013 (17)
  9. Task Manager geht nicht mehr, Browser öffnet Internetseite, cmd-Fenster öffnet sich bei Start
    Log-Analyse und Auswertung - 19.06.2013 (8)
  10. Browser öffnet immer ebay, Neuer Tag immer Babylon
    Log-Analyse und Auswertung - 26.09.2012 (1)
  11. iexplore.exe Prozess öffnet sich immer wieder. (Kein Fenster)
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (4)
  12. Beim Start öffnet sich immer kurz ein scwarzes fenster + Opera öffnet immer eine Seite
    Log-Analyse und Auswertung - 06.06.2011 (10)
  13. IE öffnet immer mal ein neues Fenster!
    Plagegeister aller Art und deren Bekämpfung - 22.11.2010 (6)
  14. Fenster öffnet sich immer wieder mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (2)
  15. Internet-Explorer öffnet sich automatisch und dann immer mehr Fenster..
    Log-Analyse und Auswertung - 30.06.2008 (9)
  16. öffnet immer neue Fenster
    Log-Analyse und Auswertung - 06.04.2008 (11)
  17. IE öffnet immer mehrneue Fenster
    Log-Analyse und Auswertung - 20.01.2008 (1)

Zum Thema Es öffnet sich immer ein P****fenster im Browser - Hallo! In meiner Verzweiflung bin ich nun auf dieses Forum gestoßen. Ich schildere mal mein Problem: Bei mir öffnet sich, immer wenn ich auf Links klicke (egal welche Webseite) ein - Es öffnet sich immer ein P****fenster im Browser...
Archiv
Du betrachtest: Es öffnet sich immer ein P****fenster im Browser auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.