
Log analysis and evaluation: Windows 8: Two trojans in the same folder, is everything safe?


23.03.2015, 22:37   #1
Massenmensch
 



Good evening, night, whatever!

So, my problem: I'm not sure whether Panda removed my trojans properly. It shows me 2 Generic.gen and one C.IA trojan, both with the message "deleted" (strangely, all in the same folder). Now I'm just not sure whether everything was removed or whether it only looks that way, because (as far as I know) I had never come across trojans before and I don't really know much about spyware and the like... That doesn't mean you have to phrase your answers simply, though; I think I'm reasonably well versed when it comes to computers.

Thanks in advance for your answer(s)...


~~~Here are the logs~~~
-DeFogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:00 on 23/03/2015 (******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
-
It didn't prompt me to restart, which I found a bit strange...
-----
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ****** (administrator) on ******S-PC on 23-03-2015 22:02:27
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ****** & Administrator & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Remote Control Server] => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [5159424 2015-01-19] (Steppschuh)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-02] ()
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [RssReader] => C:\Program Files (x86)\RssReader\RssReader.exe [1077248 2004-04-04] (Ykoon)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3625808 2015-02-20] (Leap Motion, Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify] => C:\Users\******\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Google Update] => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-09] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1313536 2014-04-01] (Bogdan Sharkov)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2042880 2014-08-25] (RemoteMouse.net)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [spotimote] => C:\Program Files (x86)\spotimote\spotimote.exe [2830248 2014-10-08] ()
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [GoogleChromeAutoLaunch_D781C9BFB3A3BA37CC3EB8921F5CCF82] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [DellSystemDetect] => C:\Users\******\AppData\Local\Apps\2.0\LLG9VHQ8.GH9\KO4XLBTX.AGH\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-11] (Dell)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\devolo Cockpit.lnk
ShortcutTarget: devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Identitaetsabfrage.bat ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MAGIX Video deluxe 2014.lnk
ShortcutTarget: MAGIX Video deluxe 2014.lnk -> C:\Program Files (x86)\MAGIX\Video deluxe 2014\Videodeluxe.exe (MAGIX Software GmbH)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=377&r=2014/04/07&hid=5936879317086436134&lg=EN&cc=DE&unqvl=51
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=377&r=2014/04/07&hid=5936879317086436134&lg=EN&cc=DE&unqvl=51
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324427&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPAF1B23EF-781D-48EC-96E7-10E4407318A0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_2&idate=2015-02-08&ent=ch_664&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> {B4364FC7-BB80-4056-A87B-DBC5A26B5C36} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-02] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-13] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-13] (Oracle Corporation)
BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll [2013-10-16] (FlowSurf Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default
FF SearchEngineOrder.1: Google.at
FF Homepage: https://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-13] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/O1DPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=3 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=9 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\searchplugins\youtube-videosuche.xml [2014-08-30]
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\abs@avira.com [2015-03-02]
FF Extension: FireFTP - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@Waterfox.mozilla.org.xpi [2014-08-30]
FF Extension: Session Manager - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-31]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-09-11]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/07&hid=5936879317086436134&lg=EN&cc=DE&unqvl=51", "hxxp://google.com/", "hxxp://google.de/", "https://de.search.yahoo.com/?type=937811&fr=yo-yhp-ch"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-07]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Berlin Events) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopbgcbccpbkbficacifdijmlpdnddkf [2014-04-07]
CHR Extension: (Adblock Plus) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-17]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Session Buddy) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-07]
CHR Extension: (Floating YouTube Extension) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2014-11-12]
CHR Extension: (Yahoo!) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhbkaahephniejapepaiggngjnedpci [2015-02-09]
CHR Extension: (Show Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2015-01-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-04-07]
CHR Extension: (ProxMate) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-05-13]
CHR Extension: (Floating YouTube™) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2014-11-12]
CHR Extension: (FullStream) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkchcbdilffpbpkknniliidiflhbagkl [2015-01-23]
CHR Extension: (Open Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2015-01-18]
CHR Extension: (Wetter Berlin) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\klefihnmmfkcaoeebemdmeebbfdhlknm [2014-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Twitch Now) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iijmpjamifmplbakhgikofogdfackici] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com.crx [2014-09-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\******\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3736520 2015-01-29] (devolo AG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 GSService; C:\WINDOWS\SysWOW64\GSService.exe [444640 2014-07-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10083840 2015-02-20] (Leap Motion, Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [X]
S2 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
S3 CCUSBMIDI; C:\Windows\System32\Drivers\ccusbmid.sys [26624 2012-02-24] (CASIO COMPUTER CO., LTD.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 MP4ConverterAudio; C:\Windows\system32\drivers\MP4ConverterAudio.sys [36064 2014-07-28] (Windows (R) Win 7 DDK provider)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-01-29] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 22:02 - 2015-03-23 22:03 - 00042414 _____ () C:\Users\******\Desktop\FRST.txt
2015-03-23 22:00 - 2015-03-23 22:02 - 00000476 _____ () C:\Users\******\Desktop\defogger_disable.log
2015-03-23 21:58 - 2015-03-23 22:02 - 00000000 ____D () C:\FRST
2015-03-23 21:58 - 2015-03-23 21:58 - 00000000 _____ () C:\Users\******\defogger_reenable
2015-03-23 21:57 - 2015-03-23 21:57 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2015-03-23 21:55 - 2015-03-23 21:55 - 02095616 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2015-03-23 21:54 - 2015-03-23 21:54 - 00380416 _____ () C:\Users\******\Desktop\k501derz.exe
2015-03-23 21:39 - 2015-03-23 21:40 - 01203488 _____ () C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe
2015-03-23 18:14 - 2015-03-23 18:14 - 00001325 _____ () C:\Users\Public\Desktop\River-Simulator 2012 - Demo.lnk
2015-03-23 18:14 - 2015-03-23 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\River-Simulator 2012 - Demo
2015-03-23 18:13 - 2015-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\River-Simulator 2012 - Demo
2015-03-23 18:06 - 2015-03-23 18:06 - 00000000 ____D () C:\Users\******\Tracing
2015-03-23 17:47 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-03-22 14:08 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-22 14:08 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 10:31 - 2015-03-22 10:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:32 - 00000000 ____D () C:\Users\******\Documents\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:31 - 00000000 ____D () C:\ProgramData\RTWS2014DEMO
2015-03-22 10:28 - 2015-03-22 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2014 Demo
2015-03-22 10:22 - 2015-03-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Rettungswagen Simulator 2014 Demo
2015-03-22 10:21 - 2015-03-22 10:27 - 218461259 _____ () C:\Users\******\Downloads\Schiff-Simulator2012-Demo_Setup.zip
2015-03-22 10:01 - 2015-03-22 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schwebebahn-Simulator 2013 Demo
2015-03-22 10:00 - 2015-03-22 10:00 - 00000000 ____D () C:\Program Files (x86)\rondomedia
2015-03-22 09:52 - 2015-03-22 09:55 - 179712052 _____ () C:\Users\******\Downloads\Schwebebahn-Simulator2013_simuwelt_Demo Setup.zip
2015-03-22 09:51 - 2015-03-22 10:11 - 1682428100 _____ () C:\Users\******\Downloads\rtws2014-demo-1.0a.zip
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airport Simulator 2013 Demo
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\Program Files (x86)\Airport Simulator 2013 Demo
2015-03-22 09:18 - 2015-03-22 09:18 - 50171380 _____ () C:\Users\******\Downloads\Airport-Simulator2013_simuwelt_Demo.zip
2015-03-21 21:19 - 2015-03-21 21:19 - 00000000 ____D () C:\Users\******\AppData\Roaming\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00001082 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2015-03-21 20:41 - 2015-03-21 20:41 - 23850158 _____ (Open Rails ) C:\Users\******\Downloads\setup_OR_pre-v1.0_from_download.exe
2015-03-21 20:20 - 2015-03-21 20:39 - 00000000 ____D () C:\Users\******\AppData\Local\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:34 - 00000000 ____D () C:\Program Files (x86)\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:25 - 00000000 ____D () C:\Users\Public\Documents\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loksim3D
2015-03-21 20:15 - 2015-03-21 20:17 - 120920998 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1.zip
2015-03-21 20:14 - 2015-03-21 20:14 - 00373824 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe
2015-03-21 15:12 - 2015-03-21 15:24 - 436138144 _____ (MAGIX Software GmbH) C:\Users\******\Downloads\music_maker_2015_dlv_chip_de_20140827_13-38.exe
2015-03-20 20:25 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-20 20:22 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-11 07:39 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 07:39 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 07:39 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 07:39 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 07:39 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 07:39 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 07:39 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 07:39 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 07:39 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 07:39 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 07:39 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 07:39 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 07:39 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 07:38 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 07:38 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 07:38 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 07:38 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 07:38 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 07:38 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 07:38 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 07:38 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 07:38 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 07:38 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 07:38 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 07:38 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 07:38 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 07:38 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 07:38 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 07:38 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 07:38 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 07:38 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 07:37 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 07:37 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 07:37 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 07:37 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 07:37 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 07:37 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 07:37 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 07:37 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 07:37 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 07:37 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 07:37 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 07:37 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 07:37 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 07:37 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 07:37 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 07:37 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 07:37 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 07:37 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 07:37 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 07:37 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 07:37 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 07:37 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 07:37 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 07:37 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 07:37 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 07:37 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 07:37 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 07:37 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 07:37 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 07:37 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 07:02 - 2015-03-11 07:02 - 01142192 _____ () C:\WINDOWS\Minidump\031115-35765-01.dmp
2015-03-10 18:31 - 2015-03-10 18:32 - 00166935 _____ () C:\Users\******\Downloads\xape.rar
2015-03-08 19:31 - 2015-03-08 19:38 - 00000000 ____D () C:\Users\******\Desktop\Chips
2015-03-07 12:04 - 2015-03-07 21:17 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-06 19:06 - 2015-03-23 18:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1481936226-3761452550-2346937436-1002
2015-03-06 18:55 - 2015-03-06 18:55 - 00000000 ___HD () C:\WINDOWS\AxInstSV
2015-03-06 16:00 - 2015-03-06 16:31 - 4225595392 _____ () C:\Users\******\Downloads\Windows10_TechnicalPreview_x64_DE-DE_9926 (1).iso
2015-03-05 20:04 - 2015-03-05 20:04 - 00001134 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\Program Files\Oracle
2015-03-05 20:04 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-03-05 20:04 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-03-05 20:01 - 2015-03-05 20:01 - 01203488 _____ () C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe
2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2015-03-01 19:12 - 2015-03-01 19:12 - 00063769 _____ () C:\Users\******\Desktop\Bigband Konzert.odt
2015-02-28 15:13 - 2015-02-28 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2015-02-28 15:11 - 2015-02-28 15:11 - 01203488 _____ () C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
2015-02-28 08:56 - 2015-02-28 08:56 - 00001312 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-28 08:56 - 2015-02-28 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-02-25 15:28 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys
2015-02-25 15:28 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys
2015-02-25 15:14 - 2015-01-14 11:28 - 03066880 _____ () C:\WINDOWS\system32\pwNative.exe
2015-02-25 15:12 - 2015-02-25 15:14 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2015-02-25 15:12 - 2015-02-25 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-25 15:10 - 2015-02-25 15:10 - 01203488 _____ () C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe
2015-02-25 14:49 - 2015-02-25 15:08 - 00000000 ____D () C:\Backup
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 18:00 - 2015-02-24 18:05 - 239433883 _____ () C:\Users\******\Downloads\cm12.0_golden.nova.20150214.ODIN_TWRP.zip
2015-02-24 17:32 - 2015-02-24 17:32 - 11029139 _____ () C:\Users\******\Downloads\CWM_6.0.4.5_Spec-Assert_fixed.zip
2015-02-23 16:48 - 2015-02-23 16:48 - 01192075 _____ () C:\Users\******\Desktop\UPDATE-SuperSU-v1.51.zip
2015-02-23 16:39 - 2010-08-27 05:32 - 00069120 _____ (Nokia) C:\WINDOWS\system32\nmwcdclsx64.dll
2015-02-23 16:38 - 2015-02-23 16:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-23 16:19 - 2015-02-23 16:20 - 01203488 _____ () C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe
2015-02-23 16:15 - 2015-02-23 16:16 - 01203488 _____ () C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe
2015-02-21 11:38 - 2015-02-21 11:38 - 00000000 ____D () C:\Users\******\Documents\BeamNG.drive
2015-02-21 11:37 - 2015-02-21 11:38 - 00000000 ____D () C:\Users\******\Desktop\BeamNG-Techdemo-v2
2015-02-21 11:35 - 2015-02-21 11:36 - 181003643 _____ () C:\Users\******\Downloads\BeamNG-Techdemo-v2.1.zip
2015-02-21 10:56 - 2015-02-23 16:14 - 00002248 _____ () C:\Users\******\Desktop\lückenbestücken.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-23 21:58 - 2014-01-17 23:09 - 00000000 ____D () C:\Users\******
2015-03-23 21:57 - 2015-02-08 21:52 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002UA.job
2015-03-23 21:57 - 2015-02-08 21:52 - 00001096 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002Core.job
2015-03-23 21:50 - 2014-10-12 15:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-23 21:32 - 2013-12-29 09:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2015-03-23 21:23 - 2015-02-08 22:18 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 21:10 - 2014-09-13 18:10 - 00000308 _____ () C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job
2015-03-23 20:04 - 2014-01-17 23:05 - 01980046 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ____D () C:\ProgramData\Skype
2015-03-23 18:02 - 2014-01-18 07:24 - 00000000 ___DO () C:\Users\******\SkyDrive
2015-03-23 17:56 - 2013-12-12 11:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-23 17:51 - 2014-03-06 20:28 - 00007650 _____ () C:\WINDOWS\system32\debug.log
2015-03-23 17:51 - 2013-11-14 08:27 - 00006882 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-23 17:51 - 2013-11-14 08:11 - 00897846 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-23 17:51 - 2013-11-14 08:11 - 00211324 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-23 17:48 - 2015-02-08 22:18 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 17:47 - 2014-05-01 14:02 - 00041459 _____ () C:\WINDOWS\setupact.log
2015-03-23 17:47 - 2014-01-17 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 17:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-23 14:00 - 2015-02-08 22:22 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-03-22 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-22 14:07 - 2013-08-22 15:44 - 05363216 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-22 14:05 - 2014-04-29 20:40 - 00703610 _____ () C:\WINDOWS\PFRO.log
2015-03-22 14:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-22 10:27 - 2014-05-14 19:39 - 00134580 _____ () C:\WINDOWS\DirectX.log
2015-03-22 10:20 - 2013-12-25 19:29 - 00000000 ____D () C:\Users\******\Desktop\Spiele
2015-03-21 21:22 - 2014-09-13 20:22 - 00000330 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2015-03-21 20:20 - 2014-03-01 09:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-21 19:52 - 2014-03-18 15:09 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 19:51 - 2014-03-18 15:08 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-21 19:51 - 2014-03-17 19:39 - 00000000 ____D () C:\Users\******\AppData\Roaming\MAGIX
2015-03-21 19:50 - 2014-03-18 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-03-21 19:43 - 2014-03-18 15:08 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-03-21 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-20 20:26 - 2014-03-18 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 20:26 - 2013-12-12 11:06 - 00000000 ____D () C:\Temp
2015-03-20 20:24 - 2014-01-17 23:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 20:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-20 20:03 - 2013-12-29 13:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-20 19:54 - 2014-02-20 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-20 19:46 - 2013-12-29 13:51 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-16 20:47 - 2014-02-20 17:21 - 00000000 ____D () C:\Users\******\Documents\Schule
2015-03-13 17:16 - 2015-01-23 16:27 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-13 17:16 - 2014-03-18 20:10 - 01099408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-13 17:16 - 2014-01-17 23:05 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00075976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-11 14:10 - 2014-01-17 23:05 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-11 07:25 - 2015-01-31 22:57 - 00000000 ____D () C:\Users\******\Desktop\Musik Handy
2015-03-11 07:05 - 2014-04-03 19:49 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-03-11 07:02 - 2014-02-06 23:08 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-11 07:01 - 2014-04-09 13:20 - 545536433 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-08 19:44 - 2014-03-16 19:45 - 00000000 ____D () C:\Users\******\AppData\Roaming\Audacity
2015-03-08 19:44 - 2013-12-31 15:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2015-03-07 12:19 - 2014-02-14 18:08 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-07 12:15 - 2014-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 11:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-07 10:47 - 2014-02-12 15:26 - 00000000 ____D () C:\Users\******\AppData\Local\Airspace
2015-03-07 10:35 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\.VirtualBox
2015-03-06 18:30 - 2015-02-09 22:01 - 00000424 ____H () C:\WINDOWS\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job
2015-03-06 18:10 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\VirtualBox VMs
2015-03-06 16:23 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-03-04 21:22 - 2014-09-13 20:22 - 00000314 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-02-28 10:01 - 2013-06-26 23:19 - 00000000 ____D () C:\dell
2015-02-28 08:56 - 2014-04-29 20:42 - 00108968 _____ () C:\WINDOWS\DPINST.LOG
2015-02-28 08:56 - 2014-02-12 15:24 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-02-25 18:29 - 2014-05-29 14:20 - 00000000 ____D () C:\ProgramData\Origin
2015-02-25 15:12 - 2014-05-29 14:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-24 17:31 - 2014-02-20 22:45 - 00000382 _____ () C:\Users\******\Desktop\MASSE STICK (D) - Verknüpfung.lnk
2015-02-23 16:39 - 2014-08-16 10:54 - 00000000 ____D () C:\Program Files (x86)\Samsung

==================== Files in the root of some directories =======

2014-05-16 17:14 - 2014-05-16 17:14 - 0000132 _____ () C:\Users\******\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-07-04 21:27 - 2014-07-04 22:43 - 1177208 _____ () C:\Users\******\AppData\Roaming\AndyCleanupTool.exe
2014-07-04 21:27 - 2014-07-04 22:43 - 1176696 _____ () C:\Users\******\AppData\Roaming\AndyCleanVM.exe
2014-09-13 18:19 - 2014-09-13 18:19 - 0000000 _____ () C:\Users\******\AppData\Roaming\gdfw.log
2014-09-13 18:19 - 2014-09-13 18:19 - 0000779 _____ () C:\Users\******\AppData\Roaming\gdscan.log
2014-01-07 20:56 - 2014-01-07 20:56 - 0000095 _____ () C:\Users\******\AppData\Local\fusioncache.dat
2014-05-04 12:47 - 2014-05-04 12:47 - 0001546 _____ () C:\Users\******\AppData\Local\RecConfig.xml
2014-09-02 15:37 - 2014-09-02 15:37 - 0000896 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-04-06 06:20 - 2014-10-17 21:55 - 0007599 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2013-12-12 11:05 - 2013-12-12 11:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-12 11:01 - 2013-12-12 11:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-12 11:03 - 2013-12-12 11:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-12-12 11:01 - 2013-12-12 11:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-12-12 11:04 - 2013-12-12 11:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Windows\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\******\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\******\AppData\Local\Temp\dateinj01.dll
C:\Users\******\AppData\Local\Temp\drm_dialogs.dll
C:\Users\******\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\******\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\mgxoschk.dll
C:\Users\******\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\******\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\******\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\******\AppData\Local\Temp\nvStInst.exe
C:\Users\******\AppData\Local\Temp\sdanircmdc.exe
C:\Users\******\AppData\Local\Temp\sdapskill.exe
C:\Users\******\AppData\Local\Temp\sdaspwn.exe
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\tmd_34015596.exe
C:\Users\******\AppData\Local\Temp\unwise.exe
C:\Users\******\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\******\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******\AppData\Local\Temp\_is3400.exe
C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-30 14:19

==================== End Of Log ============================
         
...and the corresponding Addition ... follows in the next post...

23.03.2015, 22:40   #2
Massenmensch

~~~Continuation~~~
So here is the Additional log from FRST:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ****** at 2015-03-23 22:03:50
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Antivirus Pro 2015 (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Enabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{E407C8D7-09C6-4056-BFAD-68C5FD8340F0}) (Version: 1.3 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airport Simulator 2013 Demo Version 1.0 (HKLM-x32\...\{67F30877-CBBB-425C-9511-93181EFB8F08}_is1) (Version: 1.0 - rondomedia)
Andy 0.22 (HKLM\...\{8ACC085C-9691-470F-8552-7ACB64985DAA}_is1) (Version: 0.22 - GreatFruit)
ANDY OS (HKLM\...\ANDY OS) (Version: 1.1 - andyroid.net)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AzureTools.Notifications.VwdExpress (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Bus-Simulator 2008 Demo (HKLM-x32\...\Bus-Simulator 2008 Demo_is1) (Version:  - astragon Software GmbH)
Casio SMF Conveter (HKLM-x32\...\InstallShield_{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}) (Version: 1.00.0000 - Your Company Name)
Casio SMF Conveter (x32 Version: 1.00.0000 - Your Company Name) Hidden
Citybus Simulator Munich Demo (HKLM-x32\...\{B5778FF8-CCE7-4C57-A8CE-C87D3E42D748}) (Version: 1.23 - aerosoft)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CorsixTH 0.40 (HKLM-x32\...\CorsixTH) (Version: 0.40 - CorsixTH Team)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell System Detect (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Deponia - The Complete Journey (HKLM-x32\...\Deponia The Complete Journey) (Version: 3.0 - Daedalic Entertainment)
Deponia – The Puzzle (HKLM-x32\...\Deponia – The Puzzle_is1) (Version: 1.0 - Daedalic Entertainment)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.0.0 - devolo AG)
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Dojotech Spotify Recorder (HKLM-x32\...\{461179FC-E2AC-4CC8-AA95-82D35FB3E7EA}) (Version: 3.3 - Dojotech Software)
Edna & Harvey: Harvey's New Eyes Demo (HKLM-x32\...\Steam App 221660) (Version:  - Daedalic Entertainment)
Edna bricht aus Demo (HKLM-x32\...\{2F5B0382-8269-4A86-9568-05542CA0CC39}_is1) (Version:  - )
EINSATZWAGEN 20/20. Der Polizei-Simulator (HKLM-x32\...\EINSATZWAGEN 20/20. Der Polizei-Simulator_is1) (Version:  - )
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.8.2.5 - SCS Software)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.47 - FileZilla Project)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
ftp-uploader (HKLM-x32\...\ftp-uploader) (Version: 3.3.0.0 - Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Cloud Print-Drucker (HKLM-x32\...\{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}) (Version: 28.0.1489.0 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Flying Object (HKLM-x32\...\{34ACB5D6-D955-4E43-931C-7EB46B70F4E9}}_is1) (Version:  - DigiPen Institute of Technology)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HTML Studio (HKLM-x32\...\HTML Studio_is1) (Version:  - Michael Elsdörfer)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Karmaflow: The Rock Opera Videogame (HKLM-x32\...\Steam App 317940) (Version:  - Basecamp Games)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Landmark Beta (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.1 (x32 Version: 1.1.20410.1601 - Microsoft Corporation) Hidden
Leap Motion Software (HKLM-x32\...\Leap Services) (Version: 2.2.3.25971 - Leap Motion)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for de-de (x32 Version: 8.59.29989 - Microsoft) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.9.1 - Loksim3D)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{A1566920-701E-4DEC-B15F-CD3679E0D2E0}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX Goya burnR 1.3.1.3 (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.1.3 - MAGIX AG)
MAGIX Music Maker 2015 (HKLM-x32\...\MX.{78E174AA-8527-48DF-97B5-E9038B4163DF}) (Version: 21.0.0.28 - MAGIX Software GmbH)
MAGIX Music Maker 2015 (Version: 21.0.0.28 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{16884C3D-3512-486D-A2F9-39071551BFEF}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (HKLM-x32\...\MX.{EA62B22F-AB0A-406B-80A9-8036D3CE3446}) (Version: 13.0.2.8 - MAGIX AG)
MAGIX Video deluxe 2014 (Version: 13.0.2.8 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Update (Version: 13.0.5.4 - MAGIX AG) Hidden
MAGIX Video Pro X - Academic Suite 8.0.5.12 (D) (HKLM-x32\...\MAGIX Video Pro X - Academic Suite D) (Version: 8.0.5.12 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 6.0.27.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.27.0 - MAGIX AG)
Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{519918B9-24E9-4227-B927-9DD4F0FDBD0E}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für das Web - DEU (HKLM-x32\...\{c1430962-1638-4b8e-af71-36b5d16b9575}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows - DEU (HKLM-x32\...\{3c9117be-a5d9-4785-b194-f7a0ff657ed4}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{3ea69e8e-ae6e-445b-bc1d-809ecb789ec4}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Module Microsoft Report Viewer pour Visual Studio*2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
MSDN Library für Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\MyFreeCodec) (Version:  - )
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Node.js (HKLM\...\{1BA2E8E7-7C3E-4D6C-9A8A-569A7918761A}) (Version: 0.10.29 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Rails Version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Panda Antivirus Pro 2015 (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Python 3.2 (HKLM-x32\...\{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}) (Version: 3.2.150 - Python Software Foundation)
Python 3.3.3 (HKLM-x32\...\{39B6EB84-331C-3657-AD2E-837537DDF04F}) (Version: 3.3.3150 - Python Software Foundation)
Qt Creator (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Qt Creator) (Version: 3.1.2 - Qt Project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 3.0.1.50 - Steppschuh)
Remote Mouse version 2.56 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.56 - Remote Mouse)
Rettungswagen Simulator 2014 Demo (HKLM-x32\...\Rettungswagen Simulator 2014 Demo) (Version: 1.0 - Z-Software GmbH)
River-Simulator 2012 - Demo version 1.22 (HKLM-x32\...\{CECF7F36-36E7-4E52-982B-DBE0982B6A74}_is1) (Version: 1.22 - weltenbauer. Software Entwicklung GmbH)
RssReader (HKLM-x32\...\{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}) (Version: 1.0.88 - Ykoon)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Schwebebahn-Simulator 2013 Demo (HKLM-x32\...\{983E191D-6DE0-4E12-811B-61E4A514A665}_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
simfy (HKLM-x32\...\Simfy) (Version: 1.7.5 - simfy AG)
simfy (x32 Version: 1.7.5 - simfy AG) Hidden
Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
spotimote (HKLM-x32\...\spotimote) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
TopStyle 5 (HKLM-x32\...\TopStyle5_is1) (Version: 5.0 - topstyle4.com)
Touchless For Windows (HKLM-x32\...\Touchless) (Version: 9111.0.0 - Leap Motion)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
Unity Web Player (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Warsow 1.02 (HKLM-x32\...\{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1) (Version: 1.02 - Chasseur de bots)
Waterfox 34.0.1 (x64 en-US) (HKLM\...\Waterfox 34.0.1 (x64 en-US)) (Version: 34.0.1 - Mozilla)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (HKLM\...\74347E8ACBB0CD4B3A12C89F2E2FAA6CEFBE40CA) (Version: 02/24/2012 1.00.00.0004 - CASIO)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{940596e5-652a-4970-8a5a-492e73ed0fbb}) (Version: 12.0.30501.0 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.3.1.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.3.1.1 - Wondershare Software)
XBMC (HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\XBMC) (Version:  - Team XBMC)
YTD Video Downloader 4.8.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.7 - GreenTree Applications SRL) <==== ATTENTION
Zello 1.43.0.0 (HKLM-x32\...\Zello) (Version: 1.43.0.0 - Zello Inc)
Zoo Tycoon 2 - Zoodirektor-Sammlung (HKLM-x32\...\InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Zoodirektor-Sammlung (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\so_activex_x64.dll ()
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

05-03-2015 20:03:53 Installed Oracle VM VirtualBox 4.3.24
07-03-2015 11:39:36 Removed LogMeIn Hamachi
20-03-2015 19:29:15 Windows Modules Installer
21-03-2015 20:18:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
21-03-2015 20:19:50 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10A458D8-7E24-4C86-895A-39CDCF2B5549} - \fsupdate No Task File <==== ATTENTION
Task: {14099271-CE60-4264-8AE5-3BA4E64ACA06} - \PrivacyDR_Popup No Task File <==== ATTENTION
Task: {21495103-B53D-41A7-84BD-3988BF564556} - \PrivacyDR_Start No Task File <==== ATTENTION
Task: {2ECBA8F8-73C8-4EAE-B9F2-664C227473A1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {3C0D7C83-BC4D-4694-916B-CA26891AC669} - System32\Tasks\DLL-Files FixerASKUSER => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {44447B85-02CE-4BBD-B5B7-F91856E19589} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {453F2BC7-CF45-4956-A12E-93F8C26DFA4B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {5703D37F-674D-42E0-AB49-208219AA3416} - \User_Feed_Synchronization-{6A2331D9-777A-4E3D-A95D-18FB72897615} No Task File <==== ATTENTION
Task: {731DBF05-C17B-4A60-A7B9-86F22C293296} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {74EC9B1B-1013-4EFA-B192-332DDEA21712} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {7C5AB125-DB4B-41BE-848A-ACE4CA2B91AF} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {7D006103-8329-449A-A923-108D7416CE5B} - \AmiUpdXp No Task File <==== ATTENTION
Task: {847EC8F0-4B08-4C86-B2C3-D0A0DF0C0D5E} - \GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002UA No Task File <==== ATTENTION
Task: {88729143-D39A-40A0-A969-4285B6C058A8} - \{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C} No Task File <==== ATTENTION
Task: {971AB198-12A5-442A-9397-149502C123EC} - \{EC70D4AA-B0EA-4C71-8DE2-7E6B78E515CC} No Task File <==== ATTENTION
Task: {99C5213D-8DAD-4496-9695-F9D5FCE89859} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {9D9B16F6-D157-417A-897A-4C3962676AFC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-20] (Microsoft Corporation)
Task: {9EA9C305-2878-4C3F-A0B5-5E33C9784E89} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {A41949C7-4B34-4041-A749-54968180D253} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {AEB16554-4CD0-448E-8389-8ABD3C4F480E} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {B05D6C53-AE0F-4124-B974-687519D770A9} - \Re-markit Update No Task File <==== ATTENTION
Task: {B1F3D71D-E35B-43E5-BCD0-8E7A8C470048} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B64A3BF7-8134-4983-9EBB-3105AF7DC899} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {B6756879-5A2C-4A36-B8B6-5E1E02D45A38} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {C34E52FB-03F6-42EC-9103-758355BB2B58} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {CD98BC50-5C90-403C-8EF1-204E36FE057C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {D4825EB2-5E07-4F95-B031-4C94D49CB38D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {D7A56AF5-7866-4ACC-8231-ED740B09F4F7} - \{F74C1D05-6BF3-4018-9FAD-C2BDA9C912E0} No Task File <==== ATTENTION
Task: {D7B34865-B49E-4E2E-A836-685B678CB8D7} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {DF398351-01C4-4C35-969C-DD128298E1E5} - \GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002Core No Task File <==== ATTENTION
Task: {EDFAE902-D5AA-4545-929C-20CB03B1DD25} - \{B94C0966-AA9C-467A-A4BC-A2F2BB51D858} No Task File <==== ATTENTION
Task: {F24E74A8-E95A-4BDD-9A4F-CD92543E94E1} - \Optimize Start Menu Cache Files-S-1-5-21-1481936226-3761452550-2346937436-500 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002Core.job => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002UA.job => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-17 23:05 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 19:46 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-09-11 18:44 - 2013-08-23 12:36 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-04 10:59 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Skiller Pro\Monitor.EXE
2014-09-18 20:37 - 2014-07-03 04:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-03-21 15:20 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 15:20 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-01-04 10:59 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\Skiller Pro\lan.dll
2015-01-04 10:59 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\Skiller Pro\hiddriver.dll
2015-03-21 15:20 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2013-12-12 11:02 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 20:34 - 2012-06-08 20:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2013-12-12 10:55 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-18 20:37 - 2014-07-31 00:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-12-12 11:06 - 2012-11-26 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 20:37 - 2012-11-26 06:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Administrator\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\******\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Andy"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "ContentTransferWMDetector.exe"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\StartupFolder: => "Identitaetsabfrage.bat"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\StartupFolder: => "MAGIX Video deluxe 2014.lnk"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "RssReader"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Leap Control Panel"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Clownfish"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "spotimote"
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\StartupApproved\Run: => "Unified Remote v2"

==================== Accounts: =============================

Administrator (S-1-5-21-1481936226-3761452550-2346937436-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1481936226-3761452550-2346937436-1011 - Limited - Enabled)
Gast (S-1-5-21-1481936226-3761452550-2346937436-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1481936226-3761452550-2346937436-1014 - Limited - Enabled)
****** (S-1-5-21-1481936226-3761452550-2346937436-1002 - Administrator - Enabled) => C:\Users\******

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 10:02:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19120CensoredUser.HyperforYouTube_c0tqyanwsgfn65

Error: (03/23/2015 10:02:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19804SaschaElsner.LetsPlay_qw44hm8tnqbgj5

Error: (03/23/2015 10:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006db7c
ID des fehlerhaften Prozesses: 0x227c
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (03/23/2015 09:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: user32.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503d20
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000c76a
ID des fehlerhaften Prozesses: 0x2694
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (03/23/2015 09:51:20 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19120CensoredUser.HyperforYouTube_c0tqyanwsgfn65

Error: (03/23/2015 09:51:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19804SaschaElsner.LetsPlay_qw44hm8tnqbgj5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:48:56 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5


System errors:
=============
Error: (03/23/2015 05:48:14 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte.

Error: (03/23/2015 05:48:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/23/2015 05:47:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/23/2015 05:47:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/23/2015 05:47:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Cyberlink RichVideo Service(CRVS) erreicht.

Error: (03/23/2015 05:47:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/23/2015 05:47:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht.

Error: (03/23/2015 05:47:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎03.‎2015 um 17:35:23 unerwartet heruntergefahren.

Error: (03/22/2015 02:07:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/22/2015 02:07:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (03/23/2015 10:02:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19120CensoredUser.HyperforYouTube_c0tqyanwsgfn65

Error: (03/23/2015 10:02:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19804SaschaElsner.LetsPlay_qw44hm8tnqbgj5

Error: (03/23/2015 10:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.3.9600.1766854c846bbc00000050006db7c227c01d065aca68f3a9dC:\WINDOWS\ERUNT.exeC:\WINDOWS\SYSTEM32\ntdll.dlle464216d-d19f-11e4-bee7-c81f661ceeb2

Error: (03/23/2015 09:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19user32.dll6.3.9600.1741554503d20c00000050000c76a269401d065ac0cebd794C:\WINDOWS\ERUNT.exeC:\WINDOWS\SYSTEM32\user32.dll4bbee398-d19f-11e4-bee7-c81f661ceeb2

Error: (03/23/2015 09:51:20 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19120CensoredUser.HyperforYouTube_c0tqyanwsgfn65

Error: (03/23/2015 09:51:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: 19804SaschaElsner.LetsPlay_qw44hm8tnqbgj5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:49:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5

Error: (03/23/2015 09:48:56 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ******S-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5


CodeIntegrity Errors:
===================================
  Date: 2014-09-06 17:52:24.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:24.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-06 17:52:23.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3967.5 MB
Available physical RAM: 1495.41 MB
Total Pagefile: 7935.5 MB
Available Pagefile: 4173.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.94 GB) (Free:487.75 GB) NTFS
Drive x: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:13.57 GB) (Free:0.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6C61C271)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
-----
And the GMER.txt; unfortunately, though, I kept getting this error message:
Code:
C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
         
It was successful anyway, so here is the GMER.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-23 22:13:38
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: k501derz.exe; Driver: C:\Users\******\AppData\Local\Temp\pgtdifoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [596:6692]  fffff9600099b2d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                     unknown MBR code

---- EOF - GMER 2.1 ----
         
-----
And also the Panda Security log:

Code:
Ereignisse                                                      Datum/Zeit                Status                    Weitere Details
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan                                                            23.03.2015 22:17          Gestartet                 Durchsuche: Kritische Bereiche
Scan                                                            23.03.2015 22:00          Abgebrochen               Kompletter Scan (Gesamten Arbeitsplatz)
Cookie erkannt Cookie/Adtech                                    23.03.2015 20:41          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.adtech.de/]
Cookie erkannt Cookie/Adtech                                    23.03.2015 18:32          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.adtech.de/]
Synchronisierung                                                23.03.2015 18:09          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Scan                                                            23.03.2015 18:06          Gestartet                 Kompletter Scan (Gesamten Arbeitsplatz)
Scan                                                            23.03.2015 18:06          Abgebrochen               Durchsuche: Kritische Bereiche
Scan                                                            23.03.2015 18:05          Gestartet                 Durchsuche: Kritische Bereiche
Computer geimpft                                                23.03.2015 18:01          Geimpft
Synchronisierung                                                20.03.2015 19:38          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Element entsperrt                                               19.03.2015 22:05                                    Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpts.exe.vir
Element entsperrt                                               19.03.2015 22:05                                    Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe.vir
Element entsperrt                                               19.03.2015 22:05                                    Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\linmsl.exe.vir
Element entsperrt                                               19.03.2015 22:05                                    Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\HtmlAgilityPack.dll.vir
Synchronisierung                                                16.03.2015 17:14          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                12.03.2015 05:37          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                11.03.2015 07:24          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                08.03.2015 19:22          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Scan                                                            07.03.2015 13:05          Beendet                   Kompletter Scan (Gesamten Arbeitsplatz)
Synchronisierung                                                07.03.2015 11:39          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Cookie erkannt Cookie/Serving-sys                               07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Cookies\Cookies[.serving-sys.com/]
Cookie erkannt Cookie/Mediaplex                                 07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Cookies\Cookies[.mediaplex.com/]
Cookie erkannt Unbekannter Name                                 07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Cookies\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Serving-sys                               07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Cookies\Cookies[.bs.serving-sys.com/]
Cookie erkannt Unbekannter Name                                 07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Apps\discover\Cookies[.doubleclick.net/]
Cookie erkannt Unbekannter Name                                 07.03.2015 11:21          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Roaming\Spotify\Users\maksim.holly-user\Apps\browse\Cookies[.doubleclick.net/]
Cookie erkannt Unbekannter Name                                 07.03.2015 11:00          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Packages\19804SaschaElsner.LetsPlay_qw44hm8tnqbgj\AC\INetCookies\5HOO2945.txt
Cookie erkannt Cookie/adultfriendfinder                         07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\Low\RIBUZD72.txt
Cookie erkannt Cookie/Xiti                                      07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\Low\J5WJCM73.txt
Cookie erkannt Cookie/Statcounter                               07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\Low\H09R7JG5.txt
Cookie erkannt Cookie/BurstNet                                  07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\Low\1ILD9F9A.txt
Cookie erkannt Cookie/BurstNet                                  07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\JYJSQZ4Q.txt
Cookie erkannt Cookie/Weborama                                  07.03.2015 10:53          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCookies\91EVUM7B.txt
Cookie erkannt Cookie/WebtrendsLive                             07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[statse.webtrendslive.com/]
Cookie erkannt Cookie/Yadro                                     07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.yadro.ru/]
Cookie erkannt Cookie/Xiti                                      07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.xiti.com/]
Cookie erkannt Cookie/Statcounter                               07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.statcounter.com/]
Cookie erkannt Unbekannter Name                                 07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Advertising                               07.03.2015 10:49          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Cookies[.advertising.com/]
Cookie erkannt Unbekannter Name                                 07.03.2015 10:47          Gelöscht                  Speicherort: C:\Users\Steffen\AppData\Local\Airspace\cookies[.doubleclick.net/]
Cookie erkannt Cookie/Mediaplex                                 07.03.2015 10:35          Gelöscht                  Speicherort: C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies[.mediaplex.com/]
Cookie erkannt Unbekannter Name                                 07.03.2015 10:35          Gelöscht                  Speicherort: C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies[.doubleclick.net/]
Cookie erkannt Unbekannter Name                                 07.03.2015 10:34          Gelöscht                  Speicherort: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies[.doubleclick.net/]
Verdächtige Datei erkannt                                       06.03.2015 19:32          Neutralisiert             Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpts.exe.vir
Verdächtige Datei erkannt                                       06.03.2015 19:32          Neutralisiert             Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe.vir
Verdächtige Datei erkannt                                       06.03.2015 19:32          Neutralisiert             Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\linmsl.exe.vir
Verdächtige Datei erkannt                                       06.03.2015 19:32          Neutralisiert             Speicherort: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\HtmlAgilityPack.dll.vir
Trojaner erkannt Trj/CI.A                                       06.03.2015 19:32          Gelöscht                  Speicherort: C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RSF5TQN.rar
Trojaner erkannt Trj/Genetic.gen                                06.03.2015 19:20          Gelöscht                  Speicherort: C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RGHWSQ6.exe
Trojaner erkannt Trj/Genetic.gen                                06.03.2015 19:02          Gelöscht                  Speicherort: C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$R4AGBAR.exe
Potenziell unerwünschtes Programm erkannt Application/Brutus.A  06.03.2015 19:02          Gelöscht                  Speicherort: C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$R38XYSK\BrutusA2.exe
Scan                                                            06.03.2015 18:30          Gestartet                 Kompletter Scan (Gesamten Arbeitsplatz)
Synchronisierung                                                06.03.2015 15:58          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                05.03.2015 19:55          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                04.03.2015 16:59          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                04.03.2015 16:19          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                03.03.2015 22:17          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                02.03.2015 16:57          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                01.03.2015 18:03          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                01.03.2015 12:02          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                28.02.2015 13:32          Blockiert                 Angriffstyp: Smart ARP
Einbruchsversuch                                                28.02.2015 13:21          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                28.02.2015 11:54          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                28.02.2015 09:50          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                28.02.2015 09:14          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                25.02.2015 15:02          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                24.02.2015 17:24          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                23.02.2015 19:39          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                23.02.2015 17:16          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                23.02.2015 16:17          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                21.02.2015 11:33          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                20.02.2015 18:47          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                19.02.2015 19:54          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                17.02.2015 17:01          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                16.02.2015 19:05          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                16.02.2015 18:58          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                15.02.2015 19:48          Blockiert                 Angriffstyp: Smart ARP
Einbruchsversuch                                                15.02.2015 18:44          Blockiert                 Angriffstyp: Smart ARP
Einbruchsversuch                                                15.02.2015 18:27          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                15.02.2015 13:00          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                14.02.2015 11:00          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                14.02.2015 08:40          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                12.02.2015 17:02          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                11.02.2015 20:28          Blockiert                 Angriffstyp: Smart ARP
Synchronisierung                                                11.02.2015 15:23          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                10.02.2015 18:17          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Scan                                                            09.02.2015 22:03          Abgebrochen               Durchsuche: Kritische Bereiche
Scan                                                            09.02.2015 22:02          Gestartet                 Durchsuche: Kritische Bereiche
Synchronisierung                                                09.02.2015 17:09          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Synchronisierung                                                09.02.2015 16:29          Synchronisiert            Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Einbruchsversuch                                                09.02.2015 15:57          Blockiert                 Angriffstyp: Smart ARP
Einbruchsversuch                                                09.02.2015 15:49          Blockiert                 Angriffstyp: Smart ARP
Computer geimpft                                                08.02.2015 22:29          Geimpft
Computer geimpft                                                08.02.2015 22:21          Geimpft
Malware erkannt                                                 02.02.2015 22:51          Blockiert                 URL: hxxp://bamba.theplaora.com/FlashBeat/PCSChecker.exe
         
~~~~~~
I hope I got everything right...
Regards, Massenmensch
__________________


Alt 23.03.2015, 23:01   #3
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller list, look for the following programs:

    YTD Video Downloader 4.8.7

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on , then on , and then on .

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
__________________

Alt 24.03.2015, 10:47   #4
Massenmensch
 



So... Malwarebytes is already running...
But the results won't come until tomorrow; it's all going to take a while longer...
But thanks for your help so far!

Wishing you a good night, Massenmensch

So... Here are the remaining logs... Thanks again for your help so far!

~~~Logs~~~
MB-AM:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.03.2015
Suchlauf-Zeit: 23:35:21
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.23.08
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 602772
Verstrichene Zeit: 25 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 24
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CA2A4DE-483E-456B-8634-6445460D7097}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.Snapdo.T, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [3db7b98f7a10340226064f1526dd43bd], 
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, , [03f1b98fbbcf53e3bdfd3dc48e76be42], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [f4007eca404a91a515b1b9828a7bad53], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-18\SOFTWARE\FLOWSURF, , [8a6a1e2aa7e385b14ea478bc0cf9bf41], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, , [38bc1533d5b5af8739e3ede33ec5639d], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\FLOWSURF, , [51a32c1ca1e9d6609e54fb39d1343ac6], 

Registrierungswerte: 3
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [ab496ddb01898babd115bf7ea1644fb1]
PUP.Optional.FlowSurf.A, HKU\S-1-5-18\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, , [8a6a1e2aa7e385b14ea478bc0cf9bf41]
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, , [51a32c1ca1e9d6609e54fb39d1343ac6]

Registrierungsdaten: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[9a5a12365d2d2115af78f9fb51b44cb4]
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}),,[e90bfc4ccfbb5ed8d6c0f6f2c441cb35]
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}),,[e90beb5dff8b3ef87e1b12d6f015847c]
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}),,[5a9a1533adddb97d9bff9058a85d9070]
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0ujSI71XNij6XDeVTlMzu3v1nTicPInFt8MMITDhEmuaulDXmT3GdVLsok__v0Xui2S9xghVYrToeEJNY46DtWQAXfvHO-wj9TlcLakOdU8n0vOrtf2_yGPF7pZaoJsw,,&q={searchTerms}),,[c62eeb5d6a20d660484d9e4a72937090]

Ordner: 5
PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker, , [b440d8707218cd6920bf7ef82dd6a759], 
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, , [a252c5838cfe77bfb21ae197c241ba46], 
PUP.Optional.Extutil.A, C:\Users\******\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [7a7a4305c6c486b0696a6a21cf34c33d], 
PUP.Optional.Managera.A, C:\Users\******\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [a35121273d4ddf570bc91b709c67946c], 
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf, , [18dcba8ed7b3f1458250267cb84bcc34], 

Dateien: 12
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\flowsurf.dll, , [6e8699afcbbf65d12922b5754eb50cf4], 
PUP.Optional.Downloader, C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RNZABIX.exe, , [9f5593b5b2d8979fecbfd398936db64a], 
Trojan.MSIL, C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$R8D6G4I.crdownload, , [5c986cdc3b4ffe382cc607d89869c040], 
PUP.Optional.Spigot.A, C:\Users\******\AppData\Local\Temp\~sp2092.tmp, , [82720c3cf496b87ec6a182a78383ad53], 
PUP.Optional.Spigot.A, C:\Users\******\AppData\Local\Temp\~sp4C1.tmp, , [46ae2a1e682260d6fe69dc4d3bcb14ec], 
PUP.Optional.DownloadSponsor, C:\Users\******\AppData\Local\Temp\OCS\ocs_v71b.exe, , [93612a1e7a10fe382f6fe0f34bba4bb5], 
PUP.Optional.Eguide, C:\Users\******\Downloads\ispd-Downloader.exe, , [1ada2523325847efd967b7a79868d62a], 
PUP.Optional.Downloader, C:\Users\******\Downloads\DesktopOK 64 Bit - CHIP-Installer.exe, , [886c83c5eb9fa98d367555167a867888], 
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\atl110.dll, , [18dcba8ed7b3f1458250267cb84bcc34], 
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\fsupd.exe, , [18dcba8ed7b3f1458250267cb84bcc34], 
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\install.ico, , [18dcba8ed7b3f1458250267cb84bcc34], 
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\msvcr110.dll, , [18dcba8ed7b3f1458250267cb84bcc34], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
-----
and JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8.1 x64
Ran by ****** on 24.03.2015 at  9:15:38,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\******\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\******\appdata\locallow\pcdr"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2015 at  9:19:55,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
------

and FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ****** (administrator) on ******S-PC on 24-03-2015 10:45:44
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ****** & Administrator & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Remote Control Server] => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [5159424 2015-01-19] (Steppschuh)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-02] ()
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [RssReader] => C:\Program Files (x86)\RssReader\RssReader.exe [1077248 2004-04-04] (Ykoon)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3609936 2015-03-21] (Leap Motion, Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify] => C:\Users\******\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Google Update] => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-09] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1313536 2014-04-01] (Bogdan Sharkov)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2042880 2014-08-25] (RemoteMouse.net)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [spotimote] => C:\Program Files (x86)\spotimote\spotimote.exe [2830248 2014-10-08] ()
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [GoogleChromeAutoLaunch_D781C9BFB3A3BA37CC3EB8921F5CCF82] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [DellSystemDetect] => C:\Users\******\AppData\Local\Apps\2.0\LLG9VHQ8.GH9\KO4XLBTX.AGH\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-11] (Dell)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\devolo Cockpit.lnk
ShortcutTarget: devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Identitaetsabfrage.bat ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MAGIX Video deluxe 2014.lnk
ShortcutTarget: MAGIX Video deluxe 2014.lnk -> C:\Program Files (x86)\MAGIX\Video deluxe 2014\Videodeluxe.exe (MAGIX Software GmbH)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324427&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPAF1B23EF-781D-48EC-96E7-10E4407318A0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> {B4364FC7-BB80-4056-A87B-DBC5A26B5C36} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-02] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-13] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-13] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default
FF SearchEngineOrder.1: Google.at
FF Homepage: https://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-13] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/O1DPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=3 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=9 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\searchplugins\youtube-videosuche.xml [2014-08-30]
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\abs@avira.com [2015-03-02]
FF Extension: FireFTP - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@Waterfox.mozilla.org.xpi [2014-08-30]
FF Extension: Session Manager - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-31]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-09-11]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/07&hid=5936879317086436134&lg=EN&cc=DE&unqvl=51", "hxxp://google.com/", "hxxp://google.de/", "https://de.search.yahoo.com/?type=937811&fr=yo-yhp-ch"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-07]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Berlin Events) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopbgcbccpbkbficacifdijmlpdnddkf [2014-04-07]
CHR Extension: (Adblock Plus) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-17]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Session Buddy) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-07]
CHR Extension: (Floating YouTube Extension) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2014-11-12]
CHR Extension: (Yahoo!) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhbkaahephniejapepaiggngjnedpci [2015-02-09]
CHR Extension: (Show Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2015-01-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-04-07]
CHR Extension: (ProxMate) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-05-13]
CHR Extension: (Floating YouTube™) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2014-11-12]
CHR Extension: (FullStream) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkchcbdilffpbpkknniliidiflhbagkl [2015-01-23]
CHR Extension: (Open Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2015-01-18]
CHR Extension: (Wetter Berlin) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\klefihnmmfkcaoeebemdmeebbfdhlknm [2014-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Twitch Now) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3736520 2015-01-29] (devolo AG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 GSService; C:\WINDOWS\SysWOW64\GSService.exe [444640 2014-07-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10166784 2015-03-21] (Leap Motion, Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [X]
S2 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
S3 CCUSBMIDI; C:\Windows\System32\Drivers\ccusbmid.sys [26624 2012-02-24] (CASIO COMPUTER CO., LTD.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 MP4ConverterAudio; C:\Windows\system32\drivers\MP4ConverterAudio.sys [36064 2014-07-28] (Windows (R) Win 7 DDK provider)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-01-29] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 10:45 - 2015-03-24 10:46 - 00040558 _____ () C:\Users\******\Desktop\FRST.txt
2015-03-24 09:19 - 2015-03-24 09:19 - 00000886 _____ () C:\Users\******\Desktop\JRT.txt
2015-03-24 09:15 - 2015-03-24 09:15 - 00006267 _____ () C:\Users\******\Desktop\AdwCleaner[S3].txt
2015-03-24 09:10 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-03-24 09:08 - 2015-03-24 09:11 - 00001780 _____ () C:\Users\******\Desktop\Google Keep.lnk
2015-03-24 09:08 - 2015-03-24 09:08 - 00001049 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-24 00:02 - 2015-03-24 09:07 - 00009999 _____ () C:\Users\******\Desktop\mbam.txt
2015-03-23 23:33 - 2015-03-23 23:33 - 02168320 _____ () C:\Users\******\Desktop\AdwCleaner_4.113.exe
2015-03-23 23:33 - 2015-03-23 23:33 - 01388782 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2015-03-23 23:31 - 2015-03-23 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-03-23 23:25 - 2015-03-23 23:25 - 00488088 _____ () C:\WINDOWS\Minidump\032315-26625-01.dmp
2015-03-23 23:11 - 2015-03-23 23:35 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:10 - 2015-03-23 23:10 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-23 23:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-23 23:07 - 2015-03-23 23:07 - 00001340 _____ () C:\Users\******\Desktop\Revo Uninstaller.lnk
2015-03-23 23:07 - 2015-03-23 23:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-23 22:13 - 2015-03-23 22:56 - 00000493 _____ () C:\Users\******\Desktop\GMER.txt
2015-03-23 22:00 - 2015-03-23 22:02 - 00000476 _____ () C:\Users\******\Desktop\defogger_disable.log
2015-03-23 21:58 - 2015-03-24 10:45 - 00000000 ____D () C:\FRST
2015-03-23 21:58 - 2015-03-23 21:58 - 00000000 _____ () C:\Users\******\defogger_reenable
2015-03-23 21:57 - 2015-03-23 21:57 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2015-03-23 21:55 - 2015-03-23 21:55 - 02095616 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2015-03-23 21:54 - 2015-03-23 21:54 - 00380416 _____ () C:\Users\******\Desktop\k501derz.exe
2015-03-23 21:39 - 2015-03-23 21:40 - 01203488 _____ () C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe
2015-03-23 18:14 - 2015-03-23 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\River-Simulator 2012 - Demo
2015-03-23 18:13 - 2015-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\River-Simulator 2012 - Demo
2015-03-23 18:06 - 2015-03-23 18:06 - 00000000 ____D () C:\Users\******\Tracing
2015-03-22 14:08 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-22 14:08 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 10:31 - 2015-03-22 10:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:32 - 00000000 ____D () C:\Users\******\Documents\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:31 - 00000000 ____D () C:\ProgramData\RTWS2014DEMO
2015-03-22 10:28 - 2015-03-22 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2014 Demo
2015-03-22 10:22 - 2015-03-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Rettungswagen Simulator 2014 Demo
2015-03-22 10:21 - 2015-03-22 10:27 - 218461259 _____ () C:\Users\******\Downloads\Schiff-Simulator2012-Demo_Setup.zip
2015-03-22 10:01 - 2015-03-22 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schwebebahn-Simulator 2013 Demo
2015-03-22 10:00 - 2015-03-22 10:00 - 00000000 ____D () C:\Program Files (x86)\rondomedia
2015-03-22 09:52 - 2015-03-22 09:55 - 179712052 _____ () C:\Users\******\Downloads\Schwebebahn-Simulator2013_simuwelt_Demo Setup.zip
2015-03-22 09:51 - 2015-03-22 10:11 - 1682428100 _____ () C:\Users\******\Downloads\rtws2014-demo-1.0a.zip
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airport Simulator 2013 Demo
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\Program Files (x86)\Airport Simulator 2013 Demo
2015-03-22 09:18 - 2015-03-22 09:18 - 50171380 _____ () C:\Users\******\Downloads\Airport-Simulator2013_simuwelt_Demo.zip
2015-03-21 21:19 - 2015-03-21 21:19 - 00000000 ____D () C:\Users\******\AppData\Roaming\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00001082 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2015-03-21 20:41 - 2015-03-21 20:41 - 23850158 _____ (Open Rails ) C:\Users\******\Downloads\setup_OR_pre-v1.0_from_download.exe
2015-03-21 20:20 - 2015-03-21 20:39 - 00000000 ____D () C:\Users\******\AppData\Local\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:34 - 00000000 ____D () C:\Program Files (x86)\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:25 - 00000000 ____D () C:\Users\Public\Documents\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loksim3D
2015-03-21 20:15 - 2015-03-21 20:17 - 120920998 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1.zip
2015-03-21 20:14 - 2015-03-21 20:14 - 00373824 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe
2015-03-21 15:12 - 2015-03-21 15:24 - 436138144 _____ (MAGIX Software GmbH) C:\Users\******\Downloads\music_maker_2015_dlv_chip_de_20140827_13-38.exe
2015-03-20 20:25 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-20 20:22 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-11 07:39 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 07:39 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 07:39 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 07:39 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 07:39 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 07:39 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 07:39 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 07:39 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 07:39 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 07:39 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 07:39 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 07:39 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 07:39 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 07:38 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 07:38 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 07:38 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 07:38 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 07:38 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 07:38 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 07:38 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 07:38 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 07:38 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 07:38 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 07:38 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 07:38 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 07:38 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 07:38 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 07:38 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 07:38 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 07:38 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 07:38 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 07:37 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 07:37 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 07:37 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 07:37 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 07:37 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 07:37 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 07:37 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 07:37 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 07:37 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 07:37 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 07:37 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 07:37 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 07:37 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 07:37 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 07:37 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 07:37 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 07:37 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 07:37 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 07:37 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 07:37 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 07:37 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 07:37 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 07:37 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 07:37 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 07:37 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 07:37 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 07:37 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 07:37 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 07:37 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 07:37 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 07:02 - 2015-03-11 07:02 - 01142192 _____ () C:\WINDOWS\Minidump\031115-35765-01.dmp
2015-03-11 07:01 - 2015-03-23 23:25 - 740588065 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:31 - 2015-03-10 18:32 - 00166935 _____ () C:\Users\******\Downloads\xape.rar
2015-03-08 19:31 - 2015-03-08 19:38 - 00000000 ____D () C:\Users\******\Desktop\Chips
2015-03-07 12:04 - 2015-03-07 21:17 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-06 19:06 - 2015-03-24 09:31 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1481936226-3761452550-2346937436-1002
2015-03-06 18:55 - 2015-03-06 18:55 - 00000000 ___HD () C:\WINDOWS\AxInstSV
2015-03-06 16:00 - 2015-03-06 16:31 - 4225595392 _____ () C:\Users\******\Downloads\Windows10_TechnicalPreview_x64_DE-DE_9926 (1).iso
2015-03-05 20:04 - 2015-03-05 20:04 - 00001134 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\Program Files\Oracle
2015-03-05 20:04 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-03-05 20:04 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-03-05 20:01 - 2015-03-05 20:01 - 01203488 _____ () C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe
2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2015-03-01 19:12 - 2015-03-01 19:12 - 00063769 _____ () C:\Users\******\Desktop\Bigband Konzert.odt
2015-02-28 15:13 - 2015-02-28 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2015-02-28 15:11 - 2015-02-28 15:11 - 01203488 _____ () C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
2015-02-28 08:56 - 2015-03-23 23:31 - 00001312 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-25 15:28 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys
2015-02-25 15:28 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys
2015-02-25 15:14 - 2015-01-14 11:28 - 03066880 _____ () C:\WINDOWS\system32\pwNative.exe
2015-02-25 15:12 - 2015-02-25 15:14 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2015-02-25 15:12 - 2015-02-25 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-25 15:10 - 2015-02-25 15:10 - 01203488 _____ () C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe
2015-02-25 14:49 - 2015-02-25 15:08 - 00000000 ____D () C:\Backup
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 18:00 - 2015-02-24 18:05 - 239433883 _____ () C:\Users\******\Downloads\cm12.0_golden.nova.20150214.ODIN_TWRP.zip
2015-02-24 17:32 - 2015-02-24 17:32 - 11029139 _____ () C:\Users\******\Downloads\CWM_6.0.4.5_Spec-Assert_fixed.zip
2015-02-23 16:48 - 2015-02-23 16:48 - 01192075 _____ () C:\Users\******\Desktop\UPDATE-SuperSU-v1.51.zip
2015-02-23 16:39 - 2010-08-27 05:32 - 00069120 _____ (Nokia) C:\WINDOWS\system32\nmwcdclsx64.dll
2015-02-23 16:38 - 2015-02-23 16:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-23 16:19 - 2015-02-23 16:20 - 01203488 _____ () C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe
2015-02-23 16:15 - 2015-02-23 16:16 - 01203488 _____ () C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 10:23 - 2015-02-08 22:18 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-24 09:57 - 2015-02-08 21:52 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002UA.job
2015-03-24 09:50 - 2014-10-12 15:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-24 09:28 - 2014-01-17 23:05 - 01094742 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-24 09:19 - 2013-12-12 11:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-24 09:17 - 2013-11-14 08:27 - 00006882 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-24 09:17 - 2013-11-14 08:11 - 00926930 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-24 09:17 - 2013-11-14 08:11 - 00220360 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-24 09:12 - 2014-03-06 20:28 - 00007830 _____ () C:\WINDOWS\system32\debug.log
2015-03-24 09:12 - 2014-01-18 07:24 - 00000000 ___DO () C:\Users\******\SkyDrive
2015-03-24 09:10 - 2015-02-08 22:18 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 09:10 - 2014-05-01 14:02 - 00041921 _____ () C:\WINDOWS\setupact.log
2015-03-24 09:09 - 2014-04-29 20:40 - 00708918 _____ () C:\WINDOWS\PFRO.log
2015-03-24 09:09 - 2014-01-17 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-24 09:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-24 09:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-24 09:08 - 2014-01-30 16:42 - 00000000 ____D () C:\AdwCleaner
2015-03-24 09:08 - 2014-01-17 23:09 - 00000000 ____D () C:\Users\******
2015-03-23 23:31 - 2014-04-29 20:42 - 00117848 _____ () C:\WINDOWS\DPINST.LOG
2015-03-23 23:31 - 2014-02-12 15:25 - 00000000 ____D () C:\ProgramData\Leap Motion
2015-03-23 23:30 - 2014-03-01 09:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-23 23:30 - 2014-02-12 15:24 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-03-23 23:25 - 2015-02-08 21:52 - 00001096 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002Core.job
2015-03-23 23:25 - 2014-02-06 23:08 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-23 23:10 - 2013-12-25 19:29 - 00000000 ____D () C:\Users\******\Desktop\Spiele
2015-03-23 22:08 - 2013-12-29 09:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2015-03-23 21:10 - 2014-09-13 18:10 - 00000308 _____ () C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ____D () C:\ProgramData\Skype
2015-03-23 14:00 - 2015-02-08 22:22 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-03-22 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-22 14:07 - 2013-08-22 15:44 - 05363216 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-22 14:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-22 10:27 - 2014-05-14 19:39 - 00134580 _____ () C:\WINDOWS\DirectX.log
2015-03-21 19:52 - 2014-03-18 15:09 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 19:51 - 2014-03-18 15:08 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-21 19:51 - 2014-03-17 19:39 - 00000000 ____D () C:\Users\******\AppData\Roaming\MAGIX
2015-03-21 19:50 - 2014-03-18 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-03-21 19:43 - 2014-03-18 15:08 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-03-21 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-20 20:26 - 2014-03-18 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 20:26 - 2013-12-12 11:06 - 00000000 ____D () C:\Temp
2015-03-20 20:24 - 2014-01-17 23:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 20:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-20 20:03 - 2013-12-29 13:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-20 19:54 - 2014-02-20 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-20 19:46 - 2013-12-29 13:51 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-16 20:47 - 2014-02-20 17:21 - 00000000 ____D () C:\Users\******\Documents\Schule
2015-03-13 17:16 - 2015-01-23 16:27 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-13 17:16 - 2014-03-18 20:10 - 01099408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-13 17:16 - 2014-01-17 23:05 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00075976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-11 14:10 - 2014-01-17 23:05 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-11 07:25 - 2015-01-31 22:57 - 00000000 ____D () C:\Users\******\Desktop\Musik Handy
2015-03-11 07:05 - 2014-04-03 19:49 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-03-08 19:44 - 2014-03-16 19:45 - 00000000 ____D () C:\Users\******\AppData\Roaming\Audacity
2015-03-08 19:44 - 2013-12-31 15:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2015-03-07 12:19 - 2014-02-14 18:08 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-07 12:15 - 2014-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 11:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-07 10:47 - 2014-02-12 15:26 - 00000000 ____D () C:\Users\******\AppData\Local\Airspace
2015-03-07 10:35 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\.VirtualBox
2015-03-06 18:30 - 2015-02-09 22:01 - 00000424 ____H () C:\WINDOWS\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job
2015-03-06 18:10 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\VirtualBox VMs
2015-03-06 16:23 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-02-28 10:01 - 2013-06-26 23:19 - 00000000 ____D () C:\dell
2015-02-25 18:29 - 2014-05-29 14:20 - 00000000 ____D () C:\ProgramData\Origin
2015-02-25 15:12 - 2014-05-29 14:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-24 17:31 - 2014-02-20 22:45 - 00000382 _____ () C:\Users\******\Desktop\MASSE STICK (D) - Verknüpfung.lnk
2015-02-23 16:39 - 2014-08-16 10:54 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 16:14 - 2015-02-21 10:56 - 00002248 _____ () C:\Users\******\Desktop\lückenbestücken.txt

==================== Files in the root of some directories =======

2014-05-16 17:14 - 2014-05-16 17:14 - 0000132 _____ () C:\Users\******\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-07-04 21:27 - 2014-07-04 22:43 - 1177208 _____ () C:\Users\******\AppData\Roaming\AndyCleanupTool.exe
2014-07-04 21:27 - 2014-07-04 22:43 - 1176696 _____ () C:\Users\******\AppData\Roaming\AndyCleanVM.exe
2014-09-13 18:19 - 2014-09-13 18:19 - 0000000 _____ () C:\Users\******\AppData\Roaming\gdfw.log
2014-09-13 18:19 - 2014-09-13 18:19 - 0000779 _____ () C:\Users\******\AppData\Roaming\gdscan.log
2014-01-07 20:56 - 2014-01-07 20:56 - 0000095 _____ () C:\Users\******\AppData\Local\fusioncache.dat
2014-05-04 12:47 - 2014-05-04 12:47 - 0001546 _____ () C:\Users\******\AppData\Local\RecConfig.xml
2014-09-02 15:37 - 2014-09-02 15:37 - 0000896 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-04-06 06:20 - 2014-10-17 21:55 - 0007599 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2013-12-12 11:05 - 2013-12-12 11:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-12 11:01 - 2013-12-12 11:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-12 11:03 - 2013-12-12 11:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-12-12 11:01 - 2013-12-12 11:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-12-12 11:04 - 2013-12-12 11:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Windows\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\******\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\******\AppData\Local\Temp\dateinj01.dll
C:\Users\******\AppData\Local\Temp\drm_dialogs.dll
C:\Users\******\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\******\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\mgxoschk.dll
C:\Users\******\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\******\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\******\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\******\AppData\Local\Temp\nvStInst.exe
C:\Users\******\AppData\Local\Temp\sdanircmdc.exe
C:\Users\******\AppData\Local\Temp\sdapskill.exe
C:\Users\******\AppData\Local\Temp\sdaspwn.exe
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\tmd_34015596.exe
C:\Users\******\AppData\Local\Temp\unwise.exe
C:\Users\******\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\******\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******\AppData\Local\Temp\_is3400.exe
C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-30 14:19

==================== End Of Log ============================
         

So, that should be everything...

Regards, Massenmensch.

Edited by Massenmensch (24.03.2015 at 11:16)

24.03.2015, 17:43   #5
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.03.2015, 18:21   #6
Massenmensch

ESET

So... ESET is running, but it still needs a while (no wonder with 0.5 TB of data on the hard drive). I'll report back later...

See you then,

Massenmensch

25.03.2015, 09:09   #7
schrauber
/// the machine
/// TB-Ausbilder

ok

25.03.2015, 10:46   #8
Massenmensch

ESET successful, SecurityCheck not...

So...
ESET ran through successfully, but found 30 files.

~~~LOGS~~~

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7c19386227ee8640b3a622f1e0509b6f
# engine=23058
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-24 11:41:46
# local_time=2015-03-25 12:41:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 214820 10222416 0 0
# scanned=920257
# found=30
# cleaned=0
# scan_time=23186
sh=F5860D75BE06C15152233BBBB10B4F9427AF24AF ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppsGeyser.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$R62BJ5D.apk"
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$R63I109.exe"
sh=E3DBE85EE28DAE87B82A12F472D2721BE7AF85F1 ft=1 fh=0747bc396f6aa6f9 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RAL1I1Q.exe"
sh=2D47123B8608D4818326B72C005E229E93FBC145 ft=1 fh=ac498f0af5877273 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RMS7L4L.exe"
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RT8MT0I.exe"
sh=8B73E6CC95E14F6D2BC3F55C62A6FF9D7979B168 ft=1 fh=70f2756a00a72489 vn="Win32/BundleLoader.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1481936226-3761452550-2346937436-1002\$RWDGY7Q.exe"
sh=87F0C80D829248D28AF737B1F24671B860A5FE44 ft=1 fh=b73fba368dc1806f vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe.vir"
sh=91DC006B84C4F51ADCADC1BB498E3376FC40130E ft=1 fh=c3b5952672b90e6f vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=43F30D297BD0E20FC2BEF7CF049B4D1C6D5C43AB ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Backup\download\getapk.co.1.6.93.apk"
sh=21EEE9DD961EC98171EA4D67FFE345D75BC989EC ft=1 fh=c71c0011480feaa6 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free Screen To Video\Helper.dll"
sh=9279B4584121A5D0AE482A4011C8E1C7FCD2FAF3 ft=1 fh=309830e801f5ad07 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free Screen To Video\Uninstall.exe"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=41DE1AFF8AC7BF30EA7F952825E02FA6EC6A306D ft=1 fh=cfbb424d50a0cab5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\dtUser.exe"
sh=30E5E6B0B58E73CADC4D59EE657E07E5AE9F5813 ft=1 fh=f84afab4951a6e89 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll"
sh=81374ADC5FD8E52504FA3E9A88C38EAA56058384 ft=1 fh=2c5c7dc7e05fe486 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll"
sh=B220378A5BF471164F89D187B202F3C87A1A0DEA ft=1 fh=9c19cdffb1d463ae vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\Temp\Dn9pnvxB.exe.part"
sh=4552B652E80C8CAEC8B40FE72352FBD23F55E3F2 ft=1 fh=55912cd62853b6de vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe"
sh=5002FD8CC026149119FB423A2AE4D8E7459FBE10 ft=1 fh=484528c6c0408215 vn="Win32/ClickAdvanced.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\Temp\dlmCBCD.tmp\new_MVP_Downloader_Converter.exe"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\AppData\Local\Temp\DMR\dmr_72.exe"
sh=F5860D75BE06C15152233BBBB10B4F9427AF24AF ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppsGeyser.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\-Vertretungsplan_9.2.apk"
sh=6F4CC0CEE2881F282593EBF084448DA3B97E709A ft=1 fh=b2dfbd5d5e5a396f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\HTML Editor Phase - CHIP-Installer.exe"
sh=9DD70DD3D1772B194F52DD649A4CC27D3326478B ft=1 fh=774a203150c16457 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe"
sh=49B76E2F0C4440462CE7A245D00AFA52EB576C34 ft=1 fh=639caa2dff0ef4f0 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\ispd-Downloader (1).exe"
sh=4E1DA3E2F90B78C47E7E4AFC2E7180F3A3AF5EE4 ft=1 fh=1542f2cf79c170ee vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe"
sh=593946DD4BE9C7E0344EAAF2F60166F56EE21953 ft=1 fh=2f3a3b390ddaa4f4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe"
sh=8A8BDD3E14928E51DF0DCE6F95221A299C76000C ft=1 fh=6f83c187e5e5372c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe"
sh=F80E5DF43655E17453B2B23D92FFDD65085C1BAE ft=1 fh=daa452cf77f1714b vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe"
sh=4D022A2B33AE943D8FA622271B3F4CAE744A1509 ft=1 fh=ca34b1f01670cd5e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\TopStyle - CHIP-Installer.exe"
sh=3C800414F7F589EFC70F236F21E5F62C457A43D5 ft=1 fh=ea747b6b88b6bed7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe"
sh=EF2C785CA2AC5E3ED101A0D1A1A2E1C1E25BAC95 ft=1 fh=95245476dfe92772 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe"
         
------
However, SecurityCheck showed me the following error every time:
checkup.txt
Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
------
and FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ****** (administrator) on ******S-PC on 25-03-2015 09:30:39
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ****** & Administrator & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Dell) C:\Users\******\AppData\Local\Apps\2.0\LLG9VHQ8.GH9\KO4XLBTX.AGH\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
( ) C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\******\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Remote Control Server] => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [5159424 2015-01-19] (Steppschuh)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-02] ()
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [RssReader] => C:\Program Files (x86)\RssReader\RssReader.exe [1077248 2004-04-04] (Ykoon)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3609936 2015-03-21] (Leap Motion, Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Spotify] => C:\Users\******\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Google Update] => C:\Users\******\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-09] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1313536 2014-04-01] (Bogdan Sharkov)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2042880 2014-08-25] (RemoteMouse.net)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [spotimote] => C:\Program Files (x86)\spotimote\spotimote.exe [2830248 2014-10-08] ()
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [GoogleChromeAutoLaunch_D781C9BFB3A3BA37CC3EB8921F5CCF82] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Run: [DellSystemDetect] => C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\devolo Cockpit.lnk
ShortcutTarget: devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Identitaetsabfrage.bat ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MAGIX Video deluxe 2014.lnk
ShortcutTarget: MAGIX Video deluxe 2014.lnk -> C:\Program Files (x86)\MAGIX\Video deluxe 2014\Videodeluxe.exe (MAGIX Software GmbH)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1481936226-3761452550-2346937436-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324427&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPAF1B23EF-781D-48EC-96E7-10E4407318A0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1481936226-3761452550-2346937436-1002 -> {B4364FC7-BB80-4056-A87B-DBC5A26B5C36} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-02] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-24] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-24] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default
FF SearchEngineOrder.1: Google.at
FF Homepage: https://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @talk.google.com/O1DPlugin -> C:\Users\******\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=3 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @tools.google.com/Google Update;version=9 -> C:\Users\******\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1481936226-3761452550-2346937436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\******\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\searchplugins\youtube-videosuche.xml [2014-08-30]
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\abs@avira.com [2015-03-02]
FF Extension: FireFTP - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-16]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\langpack-de@Waterfox.mozilla.org.xpi [2014-08-30]
FF Extension: Session Manager - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-31]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ynwd5408.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-09-11]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/07&hid=5936879317086436134&lg=EN&cc=DE&unqvl=51", "hxxp://google.com/", "hxxp://google.de/", "https://de.search.yahoo.com/?type=937811&fr=yo-yhp-ch"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-07]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Berlin Events) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopbgcbccpbkbficacifdijmlpdnddkf [2014-04-07]
CHR Extension: (Adblock Plus) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-17]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Session Buddy) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-07]
CHR Extension: (Floating YouTube Extension) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2014-11-12]
CHR Extension: (Yahoo!) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhbkaahephniejapepaiggngjnedpci [2015-02-09]
CHR Extension: (Show Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2015-01-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-04-07]
CHR Extension: (ProxMate) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-05-13]
CHR Extension: (Floating YouTube™) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2014-11-12]
CHR Extension: (FullStream) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkchcbdilffpbpkknniliidiflhbagkl [2015-01-23]
CHR Extension: (Open Frame) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2015-01-18]
CHR Extension: (Wetter Berlin) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\klefihnmmfkcaoeebemdmeebbfdhlknm [2014-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Twitch Now) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3736520 2015-01-29] (devolo AG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 GSService; C:\WINDOWS\SysWOW64\GSService.exe [444640 2014-07-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [10166784 2015-03-21] (Leap Motion, Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [X]
S2 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
S3 CCUSBMIDI; C:\Windows\System32\Drivers\ccusbmid.sys [26624 2012-02-24] (CASIO COMPUTER CO., LTD.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 MP4ConverterAudio; C:\Windows\system32\drivers\MP4ConverterAudio.sys [36064 2014-07-28] (Windows (R) Win 7 DDK provider)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-01-29] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 09:30 - 2015-03-25 09:31 - 00040255 _____ () C:\Users\******\Desktop\FRST.txt
2015-03-25 09:26 - 2015-03-25 09:26 - 00000041 _____ () C:\Users\******\Desktop\checkup.txt
2015-03-24 23:23 - 2015-03-24 23:24 - 00000085 _____ () C:\Users\******\Desktop\todo.txt
2015-03-24 21:53 - 2015-03-24 21:53 - 00000000 ____H () C:\Users\******\Documents\A76269CE35ADACDF.dat
2015-03-24 21:49 - 2015-03-24 21:49 - 00000136 _____ () C:\WINDOWS\ODBC.INI
2015-03-24 21:49 - 2015-03-24 21:49 - 00000000 ____D () C:\Users\******\Documents\Profile1
2015-03-24 18:20 - 2015-03-24 18:21 - 00852604 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2015-03-24 18:13 - 2015-03-24 18:13 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_deu.exe
2015-03-24 11:27 - 2015-03-24 11:27 - 00000000 ____D () C:\WINDOWS\Sun
2015-03-24 11:26 - 2015-03-24 11:24 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-24 11:24 - 2015-03-24 11:24 - 00560552 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u40-windows-i586-iftw.exe
2015-03-24 09:19 - 2015-03-24 10:47 - 00000884 _____ () C:\Users\******\Desktop\JRT.txt
2015-03-24 09:15 - 2015-03-24 09:15 - 00006267 _____ () C:\Users\******\Desktop\AdwCleaner[S3].txt
2015-03-24 09:10 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-03-24 09:08 - 2015-03-24 09:11 - 00001780 _____ () C:\Users\******\Desktop\Google Keep.lnk
2015-03-24 09:08 - 2015-03-24 09:08 - 00001049 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-24 00:02 - 2015-03-24 09:07 - 00009999 _____ () C:\Users\******\Desktop\mbam.txt
2015-03-23 23:33 - 2015-03-23 23:33 - 02168320 _____ () C:\Users\******\Desktop\AdwCleaner_4.113.exe
2015-03-23 23:33 - 2015-03-23 23:33 - 01388782 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2015-03-23 23:31 - 2015-03-23 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2015-03-23 23:25 - 2015-03-23 23:25 - 00488088 _____ () C:\WINDOWS\Minidump\032315-26625-01.dmp
2015-03-23 23:11 - 2015-03-23 23:35 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:10 - 2015-03-23 23:10 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-23 23:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-23 23:07 - 2015-03-23 23:07 - 00001340 _____ () C:\Users\******\Desktop\Revo Uninstaller.lnk
2015-03-23 23:07 - 2015-03-23 23:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-23 22:13 - 2015-03-23 22:56 - 00000493 _____ () C:\Users\******\Desktop\GMER.txt
2015-03-23 22:00 - 2015-03-23 22:02 - 00000476 _____ () C:\Users\******\Desktop\defogger_disable.log
2015-03-23 21:58 - 2015-03-25 09:30 - 00000000 ____D () C:\FRST
2015-03-23 21:58 - 2015-03-23 21:58 - 00000000 _____ () C:\Users\******\defogger_reenable
2015-03-23 21:57 - 2015-03-23 21:57 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2015-03-23 21:55 - 2015-03-23 21:55 - 02095616 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2015-03-23 21:54 - 2015-03-23 21:54 - 00380416 _____ () C:\Users\******\Desktop\k501derz.exe
2015-03-23 21:39 - 2015-03-23 21:40 - 01203488 _____ () C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe
2015-03-23 18:14 - 2015-03-23 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\River-Simulator 2012 - Demo
2015-03-23 18:13 - 2015-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\River-Simulator 2012 - Demo
2015-03-23 18:06 - 2015-03-23 18:06 - 00000000 ____D () C:\Users\******\Tracing
2015-03-22 14:08 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-22 14:08 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 10:31 - 2015-03-22 10:55 - 00000000 ____D () C:\Users\******\AppData\Roaming\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:32 - 00000000 ____D () C:\Users\******\Documents\Rettungswagen Simulator 2014 Demo
2015-03-22 10:31 - 2015-03-22 10:31 - 00000000 ____D () C:\ProgramData\RTWS2014DEMO
2015-03-22 10:28 - 2015-03-22 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rettungswagen Simulator 2014 Demo
2015-03-22 10:22 - 2015-03-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Rettungswagen Simulator 2014 Demo
2015-03-22 10:21 - 2015-03-22 10:27 - 218461259 _____ () C:\Users\******\Downloads\Schiff-Simulator2012-Demo_Setup.zip
2015-03-22 10:01 - 2015-03-22 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schwebebahn-Simulator 2013 Demo
2015-03-22 10:00 - 2015-03-22 10:00 - 00000000 ____D () C:\Program Files (x86)\rondomedia
2015-03-22 09:52 - 2015-03-22 09:55 - 179712052 _____ () C:\Users\******\Downloads\Schwebebahn-Simulator2013_simuwelt_Demo Setup.zip
2015-03-22 09:51 - 2015-03-22 10:11 - 1682428100 _____ () C:\Users\******\Downloads\rtws2014-demo-1.0a.zip
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airport Simulator 2013 Demo
2015-03-22 09:19 - 2015-03-22 09:19 - 00000000 ____D () C:\Program Files (x86)\Airport Simulator 2013 Demo
2015-03-22 09:18 - 2015-03-22 09:18 - 50171380 _____ () C:\Users\******\Downloads\Airport-Simulator2013_simuwelt_Demo.zip
2015-03-21 21:19 - 2015-03-21 21:19 - 00000000 ____D () C:\Users\******\AppData\Roaming\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00001082 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2015-03-21 20:42 - 2015-03-21 20:42 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2015-03-21 20:41 - 2015-03-21 20:41 - 23850158 _____ (Open Rails ) C:\Users\******\Downloads\setup_OR_pre-v1.0_from_download.exe
2015-03-21 20:20 - 2015-03-21 20:39 - 00000000 ____D () C:\Users\******\AppData\Local\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:34 - 00000000 ____D () C:\Program Files (x86)\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:25 - 00000000 ____D () C:\Users\Public\Documents\Loksim3D
2015-03-21 20:20 - 2015-03-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loksim3D
2015-03-21 20:15 - 2015-03-21 20:17 - 120920998 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1.zip
2015-03-21 20:14 - 2015-03-21 20:14 - 00373824 _____ () C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe
2015-03-21 15:12 - 2015-03-21 15:24 - 436138144 _____ (MAGIX Software GmbH) C:\Users\******\Downloads\music_maker_2015_dlv_chip_de_20140827_13-38.exe
2015-03-20 20:25 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-20 20:22 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-20 20:22 - 2015-03-13 20:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-03-20 20:22 - 2015-03-13 20:41 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-11 07:39 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 07:39 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 07:39 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 07:39 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 07:39 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 07:39 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 07:39 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 07:39 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 07:39 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 07:39 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 07:39 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 07:39 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 07:39 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 07:39 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 07:38 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 07:38 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 07:38 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 07:38 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 07:38 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 07:38 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 07:38 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 07:38 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 07:38 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 07:38 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 07:38 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 07:38 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 07:38 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 07:38 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 07:38 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 07:38 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 07:38 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 07:38 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 07:38 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 07:38 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 07:38 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 07:38 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 07:38 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 07:38 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 07:38 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 07:38 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 07:38 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 07:38 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 07:38 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 07:37 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 07:37 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 07:37 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 07:37 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 07:37 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 07:37 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 07:37 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 07:37 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 07:37 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 07:37 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 07:37 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 07:37 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 07:37 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 07:37 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 07:37 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 07:37 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 07:37 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 07:37 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 07:37 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 07:37 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 07:37 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 07:37 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 07:37 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 07:37 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 07:37 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 07:37 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 07:37 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 07:37 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 07:37 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 07:37 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 07:37 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 07:37 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 07:37 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 07:37 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 07:37 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 07:37 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 07:37 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 07:37 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 07:37 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 07:37 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 07:02 - 2015-03-11 07:02 - 01142192 _____ () C:\WINDOWS\Minidump\031115-35765-01.dmp
2015-03-11 07:01 - 2015-03-23 23:25 - 740588065 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:31 - 2015-03-10 18:32 - 00166935 _____ () C:\Users\******\Downloads\xape.rar
2015-03-08 19:31 - 2015-03-08 19:38 - 00000000 ____D () C:\Users\******\Desktop\Chips
2015-03-07 12:04 - 2015-03-07 21:17 - 00000000 ____D () C:\Users\******\AppData\Local\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-07 12:02 - 2015-03-07 12:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-06 19:06 - 2015-03-24 14:14 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1481936226-3761452550-2346937436-1002
2015-03-06 18:55 - 2015-03-06 18:55 - 00000000 ___HD () C:\WINDOWS\AxInstSV
2015-03-06 16:00 - 2015-03-06 16:31 - 4225595392 _____ () C:\Users\******\Downloads\Windows10_TechnicalPreview_x64_DE-DE_9926 (1).iso
2015-03-05 20:04 - 2015-03-05 20:04 - 00001134 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-05 20:04 - 2015-03-05 20:04 - 00000000 ____D () C:\Program Files\Oracle
2015-03-05 20:04 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-03-05 20:04 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-03-05 20:01 - 2015-03-05 20:01 - 01203488 _____ () C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe
2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2015-03-01 19:12 - 2015-03-01 19:12 - 00063769 _____ () C:\Users\******\Desktop\Bigband Konzert.odt
2015-02-28 15:13 - 2015-02-28 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2015-02-28 15:11 - 2015-02-28 15:11 - 01203488 _____ () C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
2015-02-28 08:56 - 2015-03-23 23:31 - 00001312 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2015-02-25 15:28 - 2013-09-30 16:26 - 00019152 ____N () C:\WINDOWS\system32\pwdrvio.sys
2015-02-25 15:28 - 2013-09-30 16:26 - 00012504 ____N () C:\WINDOWS\system32\pwdspio.sys
2015-02-25 15:14 - 2015-01-14 11:28 - 03066880 _____ () C:\WINDOWS\system32\pwNative.exe
2015-02-25 15:12 - 2015-02-25 15:14 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Free 9.0
2015-02-25 15:12 - 2015-02-25 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-25 15:10 - 2015-02-25 15:10 - 01203488 _____ () C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe
2015-02-25 14:49 - 2015-02-25 15:08 - 00000000 ____D () C:\Backup
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 06:58 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 18:00 - 2015-02-24 18:05 - 239433883 _____ () C:\Users\******\Downloads\cm12.0_golden.nova.20150214.ODIN_TWRP.zip
2015-02-24 17:32 - 2015-02-24 17:32 - 11029139 _____ () C:\Users\******\Downloads\CWM_6.0.4.5_Spec-Assert_fixed.zip
2015-02-23 16:48 - 2015-02-23 16:48 - 01192075 _____ () C:\Users\******\Desktop\UPDATE-SuperSU-v1.51.zip
2015-02-23 16:39 - 2010-08-27 05:32 - 00069120 _____ (Nokia) C:\WINDOWS\system32\nmwcdclsx64.dll
2015-02-23 16:38 - 2015-02-23 16:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-23 16:19 - 2015-02-23 16:20 - 01203488 _____ () C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe
2015-02-23 16:15 - 2015-02-23 16:16 - 01203488 _____ () C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 09:23 - 2015-02-08 22:18 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-25 08:57 - 2015-02-08 21:52 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002UA.job
2015-03-25 08:50 - 2014-10-12 15:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-25 06:36 - 2014-01-17 23:05 - 01525634 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 05:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-24 23:18 - 2013-12-29 09:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2015-03-24 23:00 - 2013-12-12 11:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-24 22:45 - 2014-05-01 14:02 - 00042075 _____ () C:\WINDOWS\setupact.log
2015-03-24 22:23 - 2015-02-08 22:18 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 22:14 - 2013-12-29 08:50 - 00000000 ____D () C:\ProgramData\softthinks
2015-03-24 21:57 - 2015-02-08 21:52 - 00001096 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1481936226-3761452550-2346937436-1002Core.job
2015-03-24 21:52 - 2014-01-18 07:23 - 00000000 ____D () C:\Users\******\AppData\Local\Deployment
2015-03-24 21:10 - 2014-09-13 18:10 - 00000308 _____ () C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job
2015-03-24 11:26 - 2014-01-04 11:25 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-24 11:25 - 2014-11-01 09:23 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-24 11:24 - 2015-01-19 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-03-24 09:17 - 2013-11-14 08:27 - 00006882 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-24 09:17 - 2013-11-14 08:11 - 00926930 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-24 09:17 - 2013-11-14 08:11 - 00220360 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-24 09:12 - 2014-03-06 20:28 - 00007830 _____ () C:\WINDOWS\system32\debug.log
2015-03-24 09:12 - 2014-01-18 07:24 - 00000000 ___DO () C:\Users\******\SkyDrive
2015-03-24 09:09 - 2014-04-29 20:40 - 00708918 _____ () C:\WINDOWS\PFRO.log
2015-03-24 09:09 - 2014-01-17 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-24 09:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-24 09:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-24 09:08 - 2014-01-30 16:42 - 00000000 ____D () C:\AdwCleaner
2015-03-24 09:08 - 2014-01-17 23:09 - 00000000 ____D () C:\Users\******
2015-03-23 23:31 - 2014-04-29 20:42 - 00117848 _____ () C:\WINDOWS\DPINST.LOG
2015-03-23 23:31 - 2014-02-12 15:25 - 00000000 ____D () C:\ProgramData\Leap Motion
2015-03-23 23:30 - 2014-03-01 09:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-23 23:30 - 2014-02-12 15:24 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2015-03-23 23:25 - 2014-02-06 23:08 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-23 23:10 - 2013-12-25 19:29 - 00000000 ____D () C:\Users\******\Desktop\Spiele
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-23 18:06 - 2013-12-29 09:07 - 00000000 ____D () C:\ProgramData\Skype
2015-03-23 14:00 - 2015-02-08 22:22 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-03-22 14:07 - 2013-08-22 15:44 - 05363216 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-22 14:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-22 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-22 10:27 - 2014-05-14 19:39 - 00134580 _____ () C:\WINDOWS\DirectX.log
2015-03-21 19:52 - 2014-03-18 15:09 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-03-21 19:51 - 2014-03-18 15:08 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-21 19:51 - 2014-03-17 19:39 - 00000000 ____D () C:\Users\******\AppData\Roaming\MAGIX
2015-03-21 19:50 - 2014-03-18 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-03-21 19:43 - 2014-03-18 15:08 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-03-21 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-20 20:26 - 2014-03-18 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 20:26 - 2013-12-12 11:06 - 00000000 ____D () C:\Temp
2015-03-20 20:24 - 2014-01-17 23:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 20:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-20 20:03 - 2013-12-29 13:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-20 19:54 - 2014-02-20 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-20 19:46 - 2013-12-29 13:51 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-16 20:47 - 2014-02-20 17:21 - 00000000 ____D () C:\Users\******\Documents\Schule
2015-03-13 17:16 - 2015-01-23 16:27 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-13 17:16 - 2014-03-18 20:10 - 01099408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-13 17:16 - 2014-01-17 23:05 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-13 17:16 - 2014-01-17 23:05 - 00075976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-11 14:10 - 2014-01-17 23:05 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-11 07:25 - 2015-01-31 22:57 - 00000000 ____D () C:\Users\******\Desktop\Musik Handy
2015-03-11 07:05 - 2014-04-03 19:49 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-03-08 19:44 - 2014-03-16 19:45 - 00000000 ____D () C:\Users\******\AppData\Roaming\Audacity
2015-03-08 19:44 - 2013-12-31 15:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2015-03-07 12:19 - 2014-02-14 18:08 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-07 12:15 - 2014-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 11:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-07 10:47 - 2014-02-12 15:26 - 00000000 ____D () C:\Users\******\AppData\Local\Airspace
2015-03-07 10:35 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\.VirtualBox
2015-03-06 18:30 - 2015-02-09 22:01 - 00000424 ____H () C:\WINDOWS\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job
2015-03-06 18:10 - 2014-07-04 21:41 - 00000000 ____D () C:\Users\******\VirtualBox VMs
2015-03-06 16:23 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-02-28 10:01 - 2013-06-26 23:19 - 00000000 ____D () C:\dell
2015-02-25 18:29 - 2014-05-29 14:20 - 00000000 ____D () C:\ProgramData\Origin
2015-02-25 15:12 - 2014-05-29 14:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-24 17:31 - 2014-02-20 22:45 - 00000382 _____ () C:\Users\******\Desktop\MASSE STICK (D) - Verknüpfung.lnk
2015-02-23 16:39 - 2014-08-16 10:54 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 16:14 - 2015-02-21 10:56 - 00002248 _____ () C:\Users\******\Desktop\lückenbestücken.txt

==================== Files in the root of some directories =======

2014-05-16 17:14 - 2014-05-16 17:14 - 0000132 _____ () C:\Users\******\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-07-04 21:27 - 2014-07-04 22:43 - 1177208 _____ () C:\Users\******\AppData\Roaming\AndyCleanupTool.exe
2014-07-04 21:27 - 2014-07-04 22:43 - 1176696 _____ () C:\Users\******\AppData\Roaming\AndyCleanVM.exe
2014-09-13 18:19 - 2014-09-13 18:19 - 0000000 _____ () C:\Users\******\AppData\Roaming\gdfw.log
2014-09-13 18:19 - 2014-09-13 18:19 - 0000779 _____ () C:\Users\******\AppData\Roaming\gdscan.log
2014-01-07 20:56 - 2014-01-07 20:56 - 0000095 _____ () C:\Users\******\AppData\Local\fusioncache.dat
2014-05-04 12:47 - 2014-05-04 12:47 - 0001546 _____ () C:\Users\******\AppData\Local\RecConfig.xml
2014-09-02 15:37 - 2014-09-02 15:37 - 0000896 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-04-06 06:20 - 2014-10-17 21:55 - 0007599 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2013-12-12 11:05 - 2013-12-12 11:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-12 11:01 - 2013-12-12 11:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-12 11:03 - 2013-12-12 11:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-12-12 11:01 - 2013-12-12 11:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-12-12 11:04 - 2013-12-12 11:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Windows\Tasks\{E4175FC2-DAAC-4D63-8D2B-F2A64AA7BD2C}.job


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\******\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\******\AppData\Local\Temp\dateinj01.dll
C:\Users\******\AppData\Local\Temp\drm_dialogs.dll
C:\Users\******\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\******\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\******\AppData\Local\Temp\mgxoschk.dll
C:\Users\******\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\******\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\******\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\******\AppData\Local\Temp\nvStInst.exe
C:\Users\******\AppData\Local\Temp\sdanircmdc.exe
C:\Users\******\AppData\Local\Temp\sdapskill.exe
C:\Users\******\AppData\Local\Temp\sdaspwn.exe
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\tmd_34015596.exe
C:\Users\******\AppData\Local\Temp\unwise.exe
C:\Users\******\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\******\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******\AppData\Local\Temp\_is3400.exe
C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-30 14:19

==================== End Of Log ============================
         

------
That's it for now, I hope everything is in order now...

Regards, Massenmensch

EDIT: Hold on... Now SecurityCheck is spitting something out after all... The claim "Java not up to date" can't really be right, I only updated everything yesterday...

~~~LOGS~~~
Code:
 Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 40  
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader XI  
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
------
no idea what my mistake was there...

Regards, Massenmensch

Edited by Massenmensch (25.03.2015 at 10:54)

Alt 25.03.2015, 19:31   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\$Recycle.Bin

C:\Backup\download\getapk.co.1.6.93.apk

C:\Program Files (x86)\Free Screen To Video\Helper.dll

C:\Program Files (x86)\Free Screen To Video\Uninstall.exe

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Program Files (x86)\pandasecuritytb\dtUser.exe

C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll

C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll

C:\Users\******\AppData\Local\Temp\Dn9pnvxB.exe.part

C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe

C:\Users\******\AppData\Local\Temp\dlmCBCD.tmp\new_MVP_Downloader_Converter.exe

C:\Users\******\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\******\Downloads\-Vertretungsplan_9.2.apk

C:\Users\******\Downloads\HTML Editor Phase - CHIP-Installer.exe

C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe

C:\Users\******\Downloads\ispd-Downloader (1).exe

C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe

C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe

C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe

C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe

C:\Users\******\Downloads\TopStyle - CHIP-Installer.exe

C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe

C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Something else to read:

CHIP-Installer - what is it? - Guides





Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix.
  • Important: please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This completely removes Combofix and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash,...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwarecleaner.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 25.03.2015, 22:24   #10
Massenmensch
 



So... I had to run the fix twice; the first time I forgot to replace the ****** with my user name ... The error messages in the following log were already dealt with in the previous fix, but I can't find that log any more

~~~Fixlog~~~

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ****** at 2015-03-25 20:41:55 Run:2
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ****** & Administrator & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin

C:\Backup\download\getapk.co.1.6.93.apk

C:\Program Files (x86)\Free Screen To Video\Helper.dll

C:\Program Files (x86)\Free Screen To Video\Uninstall.exe

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Program Files (x86)\pandasecuritytb\dtUser.exe

C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll

C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll

C:\Users\******\AppData\Local\Temp\Dn9pnvxB.exe.part

C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe

C:\Users\******\AppData\Local\Temp\dlmCBCD.tmp\new_MVP_Downloader_Converter.exe

C:\Users\******\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\******\Downloads\-Vertretungsplan_9.2.apk

C:\Users\******\Downloads\HTML Editor Phase - CHIP-Installer.exe

C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe

C:\Users\******\Downloads\ispd-Downloader (1).exe

C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe

C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe

C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe

C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe

C:\Users\******\Downloads\TopStyle - CHIP-Installer.exe

C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe

C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
Emptytemp:
*****************

C:\$Recycle.Bin => Moved successfully.
"C:\Backup\download\getapk.co.1.6.93.apk" => File/Directory not found.
"C:\Program Files (x86)\Free Screen To Video\Helper.dll" => File/Directory not found.
"C:\Program Files (x86)\Free Screen To Video\Uninstall.exe" => File/Directory not found.
"C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => File/Directory not found.
"C:\Program Files (x86)\pandasecuritytb\dtUser.exe" => File/Directory not found.
"C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll" => File/Directory not found.
"C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll" => File/Directory not found.
"C:\Users\******\AppData\Local\Temp\Dn9pnvxB.exe.part" => File/Directory not found.
"C:\Users\******\AppData\Local\Temp\{98FE302D-7ADF-468E-BD7F-C22045491D76}.exe" => File/Directory not found.
"C:\Users\******\AppData\Local\Temp\dlmCBCD.tmp\new_MVP_Downloader_Converter.exe" => File/Directory not found.
"C:\Users\******\AppData\Local\Temp\DMR\dmr_72.exe" => File/Directory not found.
C:\Users\******\Downloads\-Vertretungsplan_9.2.apk => Moved successfully.
C:\Users\******\Downloads\HTML Editor Phase - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\I8190XXAMA1_I8190OXAAMA1_4.1.2_rooted_by_infected_V2 - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\ispd-Downloader (1).exe => Moved successfully.
C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\Partition Wizard Home Edition - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\Regin Scanner - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\Setup-Loksim3D-2-9-1_CB-DL-Manager.exe => Moved successfully.
C:\Users\******\Downloads\TopStyle - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\VirtualBox - CHIP-Installer.exe => Moved successfully.
C:\Users\******\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 35 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:42:22 ====
         
Everything clean? Then I'll start cleaning up now...

Regards, Massenmensch
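
One way to check that every fixlist entry in a Fixlog like the one above actually received a result, and to spot entries that still contain the `******` user-name mask before a fix is run. This is an added example, not part of the original posts and not FRST's own code; the sample log is a constructed excerpt in the same layout, and the function names and the placeholder check are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
C:\$Recycle.Bin

C:\Backup\download\getapk.co.1.6.93.apk

C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe
Emptytemp:
*****************

C:\$Recycle.Bin => Moved successfully.
"C:\Backup\download\getapk.co.1.6.93.apk" => File/Directory not found.
C:\Users\******\Downloads\Odin3 - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 35 MB temporary data.

==== End of Fixlog 20:42:22 ====
'''

DELIM = re.compile(r'^\*+$')   # a line made only of asterisks frames the fixlist
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<msg>.+)$')

def parse_fixlog(text):
    """Return (fixlist entries, {lower-cased target: result message})."""
    requested, results, section = [], {}, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if DELIM.match(line):
            section += 1
        elif not line or line.startswith("===="):
            continue
        elif section == 1:
            requested.append(line)
        elif section == 2 and (m := RESULT.match(line)):
            results[m["target"].lower()] = m["msg"]
    return requested, results

def classify(msg):
    if msg is None:
        return "no_result"   # entry was requested but the log never reports on it
    if msg.startswith("Moved successfully"):
        return "moved"
    return "not_found" if "not found" in msg.lower() else "other"

def reconcile(text):
    """Map every fixlist entry to moved / not_found / other / no_result."""
    requested, results = parse_fixlog(text)
    return {entry: classify(results.get(entry.lower())) for entry in requested}

def placeholder_entries(requested, placeholder="******"):
    """Entries that still carry the forum's user-name mask (assumed marker)."""
    return [e for e in requested if placeholder in e]
```
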

Alt 26.03.2015, 17:00   #11
schrauber
/// the machine
/// TB-Ausbilder
 




yep
__________________
regards,
schrauber
